Computer system capable of supporting a plurality of independent computing environments

ABSTRACT

A method for a computer repairing itself to an operational status at any time during operation, the method comprising the computer-executed steps of: booting from a first hard disk drive boot device disposed within a main computer hardware box of the computer; then, in response to a signal indicating a need for repair of the computer during the booting or during any operating state, booting from a second hard disk drive boot device, also disposed within the main computer hardware box of the computer prior to the signal indicating a need for repair; and then repairing software on the first hard disk drive while booted from the second hard disk drive boot device and selectively either: (i) maintaining operation of the computer from the second boot device to restore operational status of the computer during repair of the software on the first hard disk drive, or (ii) changing operation of the computer from the second boot device to the first boot device to restore operational status of the computer.

RELATED AND BENEFIT APPLICATIONS

[0001] This application claims benefit of priority under one or more of 35 U.S.C. 119(e) and 35 U.S.C. 120 to:

[0002] U.S. patent application Ser. No. 10/075,136, entitled “On-The-Fly Repair Of A Computer,” filed Nov. 19, 2001, naming Kenneth Largman, Anthony B. More and Jeffrey Blair as inventors;

[0003] U.S. patent application Ser. No. 10/074,686, entitled “External Repair Of A Computer,” filed Feb. 11, 2002, naming Kenneth Largman, Anthony B. More and Jeffrey Blair as inventors;

[0004] U.S. patent application Ser. No. 10/090,480, entitled “Backup Of A Computer,” filed Feb. 27, 2002, naming Kenneth Largman, Anthony B. More and Jeffrey Blair as inventors; and

[0005] U.S. patent application Ser. No. 10/094,600, entitled “Computer With Special-Purpose Sub-Systems,” filed Mar. 6, 2002, naming Kenneth Largman, Anthony B. More and Jeffrey Blair as inventors; each of which applications is incorporated by reference;

[0006] and this application also claims benefit of priority under 35 U.S.C. 119(e) to:

[0007] U.S. Provisional Patent Application No. 60/393,719, entitled “Computers That Defend Against Viruses, Hacking, Spy Software, Cyber-Terrorism, Theft, and Make Malicious Code Irrelevant,” filed Jul. 3, 2002, naming Kenneth Largman, Anthony B. More and Jeffrey Blair as inventors, which application is incorporated by reference.

[0008] This invention relates to computers and information appliances generally, and more particularly to computers and information appliances supporting security features and failure prevention and recovery features, and even more particularly to computers capable of supporting multiple independent computing environments to prevent computer hacking and corruption between the independent computing environments.

BACKGROUND

[0009] Personal-computer manufacturers and sellers often offer via-telephone and on-site repair services. Yet purchasers—particularly home, home-office and small-office purchasers—readily complain that their service contract offers less service than they expected. For example, a computer seller may dispatch a technician only after the purchaser calls the help center, performs a number of tests under the direction of the help center, escalates the problem at the telephone help center and performs redundant or additional tests under the direction of a putatively more knowledgeable telephone-help staff. The purchaser may have to escalate the problem still further and perform additional redundant tests before a repair technician is dispatched.

[0010] Frequently, the help center directs the customer to cycle the power on the computer, to re-boot the computer, to detach and reattach the peripherals in question and to re-install application and operating-system software. Each call to the help center and each level of escalation may require the purchaser to cycle, re-boot, detach and reattach.

[0011] Detaching and reattaching peripherals can be extremely inconvenient. USB devices, for example, typically attach at the back of a computer in a location difficult to reach. In any event, the non-digerati purchaser may fear disassembling his computer, worrying that he may damage the computer further.

[0012] Help centers even direct a customer to reformat the boot drive of the computer and re-install operating-system and application software. Re-formatting is an onerous task for several reasons. Firstly, the home, home-office and small-office user rarely reformats a drive in the normal operation of his computer and is unfamiliar with the process itself. Secondly, reformatting destroys all the data on the drive, and such a user understandably becomes anxious on finding out that he will lose all of his data. Thirdly, such a user may not retain the application or operating-system installation media, especially where the seller pre-installs the software. The user may have been unsure which media to keep, or, intending to keep a particular media, is in fact unable to locate that media later when needed.

[0013] Fourthly, the user typically does not back up his drives as often as an information technologist would recommend. That he will have to rely on his back ups (if any) if he is to have any hope of restoring his application is then not a comforting thought.

[0014] Accordingly, the art evinces a need for a computer that reduces or even eliminates the need for a user to call a help line, to keep installation media, to attach and reattach peripherals at the port, etc. Indeed, a computer that reduces or eliminates the technical savvy its user needs to effect repairs is desirable.

[0015] These and other goals of the invention will be readily apparent to one of ordinary skill in the art on reading the background above and the description below.

BRIEF DESCRIPTION OF THE DRAWINGS

[0016] FIG. 1 illustrates a computer incorporating an embodiment of the invention.

[0017] FIG. 2 is a schematic of a data-store switch according to an embodiment of the invention.

[0018] FIGS. 3A and 3B illustrate the switch-and-repair process according to one embodiment of the invention.

[0019] FIG. 4 illustrates the flow of control in a data-store switch according to one embodiment of the invention.

[0020] FIG. 5 illustrates a computer incorporating an embodiment of the invention.

[0021] FIGS. 6A, 6B illustrate a computer incorporating an embodiment of the invention. FIG. 6A illustrates the enabling of a data store in conjunction with the defeat of access to a communications link. FIG. 6B illustrates the enabling of a data store in order to support access to the communications link.

[0022] FIGS. 7A, 7B illustrate a computer incorporating an embodiment of the invention. FIG. 7A illustrates the computer in its Network Disconnected state, while FIG. 7B illustrates the computer in its Network Connected state.

[0023] FIG. 8 illustrates a computer incorporating an embodiment of the invention.

[0024] FIGS. 9A, 9B illustrate a computer incorporating embodiments of the invention.

[0025] FIG. 10 illustrates a computer incorporating an embodiment of the invention.

[0026] FIG. 11 illustrates another computer incorporating an embodiment of the invention.

[0027] FIG. 12 illustrates another computer incorporating an embodiment of the invention and shows a main computer/computing hardware box or housing.

[0028] FIG. 13 illustrates a hard drive cable pin-out for an IBM Travelstar 20GN, 30GT and 32 GH rotating magnetic hard disc drive.

[0029] FIG. 14 illustrates an example of the Backup and Repair System Switching Process as used for repair with other processes, such as switching circuit boards, chips, devices, device identity, data storage devices, circuitry, a global positioning transceiver and transmitter anti-theft and positioning system, computing hardware systems, ROM, backup storage devices, identity indicators, a remote trigger and/or switch, and any Store Execute.

[0030] FIG. 15 illustrates an embodiment of the invention.

[0031] FIG. 16 illustrates an embodiment of the invention.

[0032] FIG. 17 illustrates a laptop computer system according to the prior art.

[0033] FIG. 18 illustrates a laptop computer system incorporating one embodiment of the present invention.

[0034] FIG. 19 illustrates a schematic system for supporting multiple independent computing environments, according to one embodiment of the present invention.

[0035] FIG. 20 illustrates a method for using an embodiment of the present invention.

[0036] FIG. 21 illustrates a method for initiating computing environments of FIG. 20.

[0037] FIG. 22 illustrates a method for configuring one or more switch systems of FIG. 19.

[0038] (The drawings are not necessarily to scale.)

SUMMARY

[0039] Herein are taught apparatus, methods, computer programs and computer program products for a computer to repair itself. In one aspect, embodiments of the invention provide a method for a computer repairing itself to an operational status at any time during operation, the method comprising the computer-executed steps of: booting from a first hard disk drive boot device disposed within a main computer hardware box of the computer; then, in response to a signal indicating a need for repair of the computer during the booting or during any operating state, booting from a second hard disk drive boot device, also disposed within the main computer hardware box of the computer prior to the signal indicating a need for repair; and then repairing software on the first hard disk drive boot device while booted from the second hard disk drive boot device and selectively either: (i) maintaining operation of the computer from the second boot device to restore operational status of the computer during repair of the software on the first hard disk drive, or (ii) changing operation of the computer from the second boot device to the first boot device to restore operational status of the computer.

[0040] In another aspect, embodiments of the invention provide a computer, computing system or information appliance comprising: a main computer hardware box or housing; a CPU disposed within the main computer hardware box; a memory disposed within the main computer hardware box; first and second controllers for respective first and second hard disk drive data storage devices disposed within the main computer hardware box; a bus communicatively coupling the CPU, memory and first and second controllers; and a switch, communicatively coupled to the second hard disk drive data storage device, for altering the accessibility of the second data storage device to the CPU, and exposed through the main computer hardware box or at a surface of the main computer hardware box for manipulation by a user.

[0041] In another aspect, embodiments of the invention provide a computer, computer system or information appliance comprising: a plurality of data stores including at least one protected data store; a plurality of switching systems for communicatively coupling at least one source with a plurality of destinations, including a data store switch system wherein the source is a data store source, and an I/O switch system wherein the source is a peripheral source; a plurality of computing environments for performing a processing activity independently of another computing environment, each computing environment being identified by at least one trait selected from a plurality of traits and coupled between the data store switch system and the I/O switch system, wherein the destination is the computing environment and the switching system communicatively couples the source and the destination according to the traits; at least one control computing environment selected from the plurality of computing environments for configuring the switch configuration according to the processing activity and the traits, communicatively coupled with the protected data store; and at least one user computing environment selected from the plurality of computing environments, wherein the processing activity is not performed on the protected data store.

[0042] In another aspect, embodiments of the invention provide a computer system comprising: a plurality of data stores; a protected data store selected from the plurality of data stores for storing at least the user data; a data store switch system coupled with the plurality of data stores, the switch system coupled with a data store switch configuration for configuring communication with one or more data stores; an I/O switch system coupled with at least one peripheral, the I/O system coupled with an I/O system configuration including a plurality of traits for configuring the communication with the peripheral; a plurality of computing environments, each computing environment identified by at least one trait selected from the plurality of traits, including: a data store switch communication path coupled with the data store switch, the data store switch communication path coupling at least one data store with the computing environment according to the data store switch configuration; an I/O switch communication path coupled with the I/O switch system, the I/O switch communication path for coupling the peripheral with the computing environment according to the I/O switch system configuration; the computing environment capable of performing a processing activity including receiving input from the I/O switch system and sending output to the I/O switch system, the processing activity performed independently of the processing activity of another computing environment; a control computing environment selected from the plurality of computing environments for configuring the data store switch configuration and for configuring the I/O switch system configuration, the data store switch configuration supporting communication between the control computing environment and the protected data store; and at least one user computing environment selected from the plurality of computing environments; wherein the I/O switch system configuration is configured to direct a received input to at least one of the computing environments based on the trait, and the I/O switch system configuration is configured to direct an output generated by one or more of the plurality of computing environments to the peripheral based on the trait.

[0043] In another aspect, embodiments of the invention provide a computer system comprising: a communication device for communicating over a communications link to a second computer system; a port for communicatively coupling the computer system and the communication device over a bus having a plurality of data lines; and a switch coupled within a data line selected from the plurality of data lines for enabling and disabling the communication device.

[0044] In another aspect, embodiments of the invention provide a computer system comprising: a port for communicatively coupling the computer system and a peripheral over a bus having a plurality of data lines; and a switch coupled to at least one data line selected from the plurality of data lines for cycling the peripheral.

[0045] In another aspect, embodiments of the invention provide a computer system comprising: one or more peripheral devices including a means for communication, a coupling member and a capability for emitting light; a receptacle mechanically coupled with the computer system for engaging the coupling member of the peripheral device; and a port for communicatively coupling the computer system and the peripheral devices coupled with the receptacle.

[0046] In another aspect, embodiments of the invention provide a computer system comprising: a plurality of data stores; a data store switch coupled with the plurality of data stores for altering the accessibility of the data store; a peripheral controller for communicatively coupling the data store switch and the computer system; an accessible data store selected from the plurality of data stores communicatively coupled with the peripheral controller; and a computer program including at least one instruction capable of executing on the computer system, the instruction for analyzing the accessible data store to determine a health of the accessible data store, the health selected from a group of healths consisting of a corruption health and a correct health; if the corruption health is determined, then the data store switch is actuated to remove accessibility to the accessible data store and to add a second accessible data store; if the correct health is determined, then the data store switch is not altered.

[0047] In other aspects the invention provides methods and procedures for configuring and operating the computers, computer systems, networks and information appliances in the manner described. In other aspects the invention provides computer programs and computer program products implementing the inventive methods and procedures in whole or in part.

DESCRIPTION OF EMBODIMENTS OF THE INVENTION

[0048] Overview of Selected Aspects and Embodiments of the Invention

[0049] An example of the invention in use follows: A user runs an application on a computer incorporating an embodiment of the invention. At some point, the user modifies the application or underlying operating system to the point that the application, the operating system or both become unusable. Indeed, the user may no longer be able even to boot the operating system.

[0050] Recognizing that the computer needs to be repaired, the user throws a switch on the computer. The computer fixes the malfunctioning software and so informs the user.

[0051] The user can then re-boot the computer. On re-booting, the user again has access to a correctly functioning operating system, application and data files.

[0052] A Self-Repairing Computer

[0053] FIG. 1 illustrates a computer 1 incorporating an embodiment of the invention. The computer 1 may include a CPU 10, volatile memory 11, peripheral controllers 17, 18, a first non-volatile data store 12 and a bus 15, all well known in the art.

[0054] The computer 1 may also include switches 13, 19, a second non-volatile data store 14, a controller 1A, a power supply 1B, an output device 1C and an input device 1D.

[0055] The bus 15 may communicatively couple the volatile memory 11 and the peripheral controllers 17, 18 to each other and to the CPU 10. The peripheral controllers 17, 18 may communicatively couple with the data stores 12, 14, respectively.

[0056] The switches 13, 19, the controller 1A, power supply 1B, output device 1C and input device 1D may form a data-store switch 1Z. A data-store switch may alter the accessibility of a connected data store according to the setting of the switch.

[0057] The controller 1A may communicatively couple with the switches 13, 19, the output device 1C and the input device 1D. The power supply 1B may supply the controller 1A (and other switch components) with power. More particularly, the power supply 1B may power the controller 1A independently of the power to the rest of the computer 1.

[0058] Alternatively, the power to the switch 1Z may come from the same source as the power for the rest of the computer (the wall outlet or laptop battery, for example). The switch 1Z may then be powered from that supply even when the rest of the computer 1 is not. FIG. 10 illustrates this embodiment of the invention.

[0059] The switch 13 may communicate with the data store 12. The switch 13 may control (toggle, for example) the identification settings of the data store 12.

[0060] The switch 19 may couple to the data store 14. The switch 19 may control (toggle, for example) the power to the data store 14.

[0061] The volatile memory 11 may be random-access memory. The data stores 12, 14 may be magnetic disks, for example.

[0062] The output device 1C may be the monitor of the computer 1, or LEDs or an LCD distinct from the monitor, for example.

[0063] FIG. 2 is a schematic of the data-store switch 1Z according to an embodiment of the invention. In FIG. 2, the opto-isolators U2, U3 implement the switches 13, 19, respectively. The Basic Stamp II microcontroller U1 (from Parallax, Inc., Rocklin, Calif.) implements the controller 1A. The battery V3 implements the power supply 1B. The LCD display port J1 represents the output device 1C, and the switches S1, S2 implement the input device 1D. (Opto-isolator U4 detects whether the computer 1 has power.)

[0064] In a first mode of operation, herein termed “normal mode,” the computer 1 may run a predetermined operating system and application. Accordingly, the data store 12 may contain a correctly functioning copy of that software. The CPU 10 may access the data store 12, boot the operating system and then execute that application.

[0065] The data store 12 is termed herein the “boot data store.” The data store 12 may contain a bootable, executable operating system and an executable application.

[0066] The data-store switch 1Z may make the data store 12 accessible to the computer 1 as the boot drive (by means of the switch 13, for example). The data-store switch 1Z may also make the data store 14 inaccessible to the computer 1 (by means of the switch 19, for example). Otherwise, the data-store switch 1Z may idle, waiting for user input on the device 1D.

[0067] In the normal mode, the computer 1 may perform as a conventional computer. The user may run his application software, inattentive to the invention incorporated into the computer 1.

[0068] In a third mode of operation, herein termed the “repair mode,” the CPU 10 may run software on the data store 14 and the controller 1A may execute a program in parallel. A mode intermediate to the normal and repair modes, herein termed the “switching mode,” may effect the transition from normal to repair mode.

[0069] In the switching mode, using an input device such as the device 1D, the user may indicate that he wishes to repair software on the data store 12. (FIGS. 3A and 3B illustrate the switch-and-repair process according to one embodiment of the invention.) In response to the input, the computer 1 may switch from normal operation to repair, step 310, and repair the software on the data store 12, step 320.

[0070] The switching of a data store may be logical or physical. Logical switching is switching enforced purely by software. For example, software may set one or more predetermined bits that it or other software tests to determine whether a data store is accessible at any given time. Because logical switching depends on the software that sets and tests those bits, malicious code running in normal mode can in principle alter them; a physical switch has no such exposure.

[0071] A physical switch opens or closes a predetermined electrical circuit of a device to be switched. A physical switch may, for example, alter the open/close state of identification jumpers of a data store. A physical switch may turn on or off the power supply to a device to be switched.

[0072] FIG. 4 illustrates the flow of control in a data-store switch 1Z according to one embodiment of the invention. On start up, the data-store switch 1Z may go into the normal mode of operation. In this stage, the switch 1Z may set the switch 13 to make the data store 12 the boot drive, step 4A3. The switch 1Z also may set the switch 19 to leave the template data store 14 unpowered.

[0073] The data-store switch 1Z may then idle, waiting for the user to initiate the switch to repair mode, step 4A5. The data-store switch 1Z may display a message indicating that it is in normal mode, step 4A1.

[0074] When the data-store switch 1Z receives an indication to switch to repair mode, the switch 1Z may ask the user to confirm this indication, step 4B5. Confirmation is preferable where the repair process is destructive before it is constructive. Confirmation is preferable also because the activation of the input device indicating the switch to repair mode may have been accidental or ill considered.

[0075] On confirmation, if requested, the data-store switch 1Z may switch power to the data store 14, step 4B9, making the data store 14 accessible to the computer 1. The data store 14 may be permanently configured to be addressable as the boot drive when it is accessible. Accordingly, the address of the data store 12 may then change.

[0076] In normal operation, the data store 12 may be addressable as the boot drive. However, during the switch, the switch 1Z may change the identity (address jumpers, for example) of the data store 12 to something other than the boot-drive identity.

[0077] The computer 1 is now ready to enter the repair stage.
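The switching flow of FIG. 4 just described ([0072] through [0077]) can be followed in a small simulation. The block below is an added illustration and is not the patent's own code (the patent implements the controller 1A on a Basic Stamp II microcontroller, not in Python). The `DataStore`, `DataStoreSwitch` and `Mode` names, the `messages` list standing in for the output device 1C, and the order in which the two physical switches are actuated on confirmation are assumptions of this example.

```python
"""Simulation of the data-store switch 1Z state machine of FIG. 4.
Added example, not the patent's firmware; names and ordering are assumptions."""

from enum import Enum


class Mode(Enum):
    NORMAL = "normal"        # store 12 is the boot drive, template store 14 unpowered
    SWITCHING = "switching"  # request received, waiting for confirmation (step 4B5)
    REPAIR = "repair"        # store 14 powered and addressed as the boot drive


class DataStore:
    """A physically switchable store: power (switch 19) and identity jumpers (switch 13)."""

    def __init__(self, name, boot_identity, powered):
        self.name = name
        self.boot_identity = boot_identity  # True when jumpered as the boot drive
        self.powered = powered

    @property
    def accessible(self):
        return self.powered


class DataStoreSwitch:
    """Controller 1A: drives switches 13 and 19, reads input device 1D."""

    def __init__(self):
        # Step 4A3: store 12 is the boot drive; the template store 14 is left unpowered.
        self.store12 = DataStore("data store 12", boot_identity=True, powered=True)
        # Store 14 is permanently jumpered as the boot drive ([0075]); only its power changes.
        self.store14 = DataStore("template data store 14", boot_identity=True, powered=False)
        self.mode = Mode.NORMAL
        self.messages = ["normal mode"]  # what output device 1C would show (step 4A1)

    def boot_device(self):
        """The single accessible store jumpered as the boot drive, as the CPU would see it."""
        candidates = [s for s in (self.store12, self.store14)
                      if s.accessible and s.boot_identity]
        if len(candidates) != 1:
            raise RuntimeError("boot-drive conflict: %r" % [s.name for s in candidates])
        return candidates[0].name

    def request_repair(self):
        """Step 4A5: the user actuated input device 1D while idling in normal mode."""
        if self.mode is Mode.NORMAL:
            self.mode = Mode.SWITCHING
            self.messages.append("confirm switch to repair mode?")  # step 4B5
        return self.mode

    def confirm(self, yes):
        """Answer to step 4B5. Only a confirmed request actuates the physical switches;
        an accidental press is undone by answering no."""
        if self.mode is not Mode.SWITCHING:
            return self.mode
        if not yes:
            self.mode = Mode.NORMAL
            self.messages.append("normal mode")
            return self.mode
        # Assumed ordering: re-jumper store 12 away from the boot identity (switch 13)
        # before powering store 14 (switch 19, step 4B9), so that two boot drives are
        # never visible on the bus at the same time.
        self.store12.boot_identity = False
        self.store14.powered = True
        self.mode = Mode.REPAIR
        self.messages.append("repair mode")
        return self.mode

    def return_to_normal(self):
        """After repair ([0082]): restore the normal-mode power and jumper settings."""
        self.store14.powered = False
        self.store12.boot_identity = True
        self.mode = Mode.NORMAL
        self.messages.append("normal mode")
        return self.mode


if __name__ == "__main__":
    sw = DataStoreSwitch()
    print(sw.boot_device())            # data store 12
    sw.request_repair()
    sw.confirm(True)
    print(sw.boot_device())            # template data store 14
    sw.return_to_normal()
    print(sw.boot_device(), sw.messages)
```

Note that `confirm(True)` does nothing unless a request is pending, so the sequence request, confirm, actuate cannot be short-circuited, and that store 12 stays powered (and therefore accessible) in repair mode, as the repair software needs to write to it.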

[0078] Switched physically to repair mode, the computer 1 may boot from the template boot drive. The booted program, or some other program executed during the boot sequence (autoexec.bat, for example, on machines running the Windows™ operating system from Microsoft Corp., Redmond, Wash.), may query the user.

[0079] In one embodiment, on rebooting, the computer 1 may automatically repair the data store 12. It copies software from the template data store 14 to the data store 12 without further direction from the user. Previously set user preferences may, however, direct the course of repair.

[0080] Thus, where the template data store 14 contains only application software, the repair process may copy over or re-install that application software from the template data store 14. Where the template data store 14 contains operating-system and application software, the repair process may copy over or re-install the operating system first and then the application software.

[0081] Uninstallation or deletion of an application may precede re-installation or copying over of that software. Re-formatting of the data store 12 may precede re-installation or copying over of the operating system. Resetting of ROM-resident parameters may precede re-installation or copying over of operating-system or application software.

[0082] On completion of the repair, the repair software may direct the user to switch back to normal mode and re-boot the computer 1.

[0083] Alternatively, the repair process may be menu-driven. The repair process may present the user a sequence of options to determine what repair process to execute. For example, on re-boot in repair mode, the repair software may offer the choices of running the repair process, reviewing repair-process settings, updating the template software (the application, operating system or repair-process software itself) and quitting the repair process.

[0084] The template data store 14 may contain application software, operating-system software and repair-process software. The application software may include the executable software itself (.exe, .dll, .o, etc.) or the files created by the application (.wpd files for Corel WordPerfect word-processing software, for example).

[0085] The software on a template data store 14 typically is an operating system and may include one or more applications, along with the underlying software to run the operating system (and any included application) on a computer with a predetermined configuration. The underlying software may include one or more boot records, one or more partition tables or a BIOS.

[0086] The template software is created by installing software onto a data store, by copying installed software onto the data store or by copying installation software onto a data store. (Installed software includes data files and other pre-existing software.)

[0087] The template data store software may be updated. Where the template software is installation-ready software, that installation software may be updated to a different, usually later, version. Where the template software is a backup of the software on the data store 12, a different, usually more recent, backup of the data-store software replaces or supplements that software.

[0088] Repair-process settings may include whether to recover data, run a virus check, reformat the data store, revert to a backup, run a human-mediated (i.e., manual) or an automatic repair, or run diagnostics (software or hardware, for example). Repair-process settings may also include whether to format and at what level (quick versus low-level, for example), what software to re-install (operating system (OS) only; OS and executable-application software; OS, executable-application software and application data files; data files only, for example), whether to switch automatically (i.e., under program or hardware control), what level of repair to run (quick, better or best, in one embodiment), whence to set up (backup or template, in one embodiment) and whence to recover data files (most recent backup prior to repair, backup at the time of repair, other predetermined backup, query-and-response-specified backup, as examples).

[0089] The repair process may entail recovering a usable version of the appropriate data file. In some instances of computer repair, the problem is not so much with the operating-system or executable-application software as with the files (usually data files) associated with one or more of the applications. If the application in question is Microsoft Outlook, then the file to be recovered may be the mail-and-folder-data .pst file. Where the application is Microsoft's Internet Explorer, the file to recover may be the favorites file.

[0090] Running a virus check may entail first checking that the virus-check-and-repair software is up to date. Because new software attacks appear daily, and because newer malicious code has a higher chance of delivering a payload, this is not a trivial step. The software may then check for malicious code and repair software, as directed by the user or by default. The virus-check software and its signatures should be run from the template data store 14 rather than from the data store 12 under repair, since the data store 12 is the suspect medium.

[0091] The above process presupposes that the data store 14 contains a copy of (a version of) the operating-system, application software or data file on the data store 12. In this sense, this second data store 14 is termed herein the “template data store.” With the computer 1 switched to boot from the template data store 14, the computer 1 may perform the original copying of template software onto the data store 14. (Where the data store 14 is a read-only medium, it may arrive at the computer 1 in a pre-written state.)

[0092] An example of the operation of the computer 1 follows: Assume that the data store 12 contains a bootable Windows™ operating system (from Microsoft Corp., Redmond, Wash.). Assume also that the data store 12 contains NaturallySpeaking® application software (Lernout & Hauspie, Ieper, Belgium and Burlington, Mass.).

[0093] The operating system and the application on the data store 12 may each have been run any number of times, and the user may have customized the operating system, the application or both to his preferences. In contrast, the template data store 14 may contain as-installed copies of the operating-system and the application software.

[0094] In the course of using his computer 1, the user puts the computer 1 into an undesirable state. He may, for example, foul up the optional settings of the operating system or application such that he cannot reset them to a usable state. He may download a virus, Trojan horse or other malicious code that changes his operating system, application or both. The particulars of the malicious code are unknown, but the manifest effect is that the computer 1 is partially or completely inoperable. He may remove files critical to the correct operation of the software. As one of skill in the art will recognize, the ways in which software may be intentionally or unintentionally altered to the point of unusability are legion.

[0095] Recognizing that his computer 1 is in an undesirable state, the user activates the data-store switch 1Z, step 300. FIG. 3 illustrates the switch-and-repair process according to one embodiment of the invention, and step 310 illustrates the actual switching. In response to the switch activation, step 300, the computer 1 repairs the software on the data store 12, step 320.

[0096] The repair process involves copying software from the template data store 14 to the data store 12. The software on the template data store 14 may be a master copy, a backup copy or an archive copy of software on the data store 12. (An archive is a copy of software which cannot be overwritten or deleted.)

[0097] With template software on the template data store 14, the computer 1 may re-install or copy over software onto the data store 12. The computer 1 may overwrite all or part of any software on the data store 12.

[0098] The computer 1 may offer the user options as to how thorough its attempt to repair itself should be. In one embodiment, the computer 1 offers the options of a “Quick Repair,” a “Better Repair,” a “Best Repair” and a “Test.” A Quick Repair may, for example, re-install or copy template software from the data store 14 onto the data store 12 without first re-formatting the data store 12. The Better Repair may perform a high-level re-format of the data store 12 before that copy or re-installation. A Best Repair may perform a low-level re-format of the data store 12 before copying over or re-installing software. Because a Quick Repair does not re-format, it leaves in place anything on the data store 12 that the template does not cover, including any files placed there by malicious code; only the Better and Best Repairs, which re-format first, remove such files, at the cost of also removing user data that has not been recovered elsewhere.

[0099] In one embodiment of the invention the first or damaged data store (such as a failed magnetic hard disc drive) is replaced by the undamaged or second data store (such as an operable magnetic hard disc drive) that had prestored information within the housing of the computer before the failure occurred. The second storage device completely takes over for the failed first storage device. The damaged or inoperable first storage device may then be swapped out or replaced at an opportune time without requiring manual reconfiguration of the replaced storage device. When the first storage device is a magnetic hard disk drive and provides virtual memory or other storage for software or firmware executing within the computer (including one or more of a BIOS program, operating system, or application program) that is required for normal operation of the computer, the second storage device may advantageously be selected to be the same type of storage device, such as a second magnetic hard disc drive, so that normal operation may continue after switching between the failed device (first hard disk drive) and the replacement device (second hard disc drive). It will be appreciated that read and/or write access time of the two storage devices may be important for providing the desired switchover between the two storage devices in the event of a failure. Utilizing for example a floppy disk drive, a magnetic tape drive, a CD-ROM, or other device that does not provide for the read and/or write access that the computer system needs or expects may lead to other failure modes, such as time-outs and the like. The storage volume of the second device as compared to the first storage device may also present issues relative to restored operation. Linear access, as provided by typical magnetic tape drive backup systems, rather than random access to the second storage device may also prevent restored operation in the normal manner from the second storage device. Not having the second device within the main box, case, or housing of the computer so that it is continuously available and current relative to data and software may also prevent the desired restored operation. Therefore, it will be appreciated that providing a magnetic tape drive as the second storage device when the first storage device is a high speed magnetic disk drive (of say 100 megabytes) for example would not generally provide an appropriate second storage device that could be switched in for the failed first storage device hard disk drive, because the access time of the tape drive may be too slow for the operating system to tolerate and time-outs are likely to occur, there is no facility to provide the virtual memory features within the tape storage that are normally utilized by contemporary operating systems (such as Microsoft Windows 95, 98, 98SE, 2000, Linux, Unix, Apple OS, and the like), and the tape drive would be continuously winding forward and rewinding backward to access data and commands stored on the tape at the beginning or middle of the tape and to write new data and/or commands to unused portions of the tape at the unused end. Temporary or virtual storage on the order of five to ten or even tens of megabytes may be required to load portions of the operating system to permit even modest execution capabilities. Floppy disk drive devices (such as the 1.44 MB or similar sized devices) are generally too small to provide sufficient storage for actual operation of the computer system and may also be too slow even if they had sufficient storage capacity.

[0100] On the other hand, providing a second hard disk drive already loaded with an appropriate set of software as described above not only provides an option for restoring the operation of the first hard disk drive storage device but also affords the option of switching operation from the first disk drive storage device to the second disc drive storage device, which further provides an operational environment from which the computer may actually be operated, not merely a data storage from which a copy of software can be reloaded. It will further be appreciated that if the first hard drive has a hardware failure, such as a head crash, failed controller, failed motor, or the like, restoration from such a tape drive or floppy drive will not be possible.

[0101] While these distinctions have focused on and specifically mentioned magnetic hard disk drives, it will be appreciated that other embodiments of the invention may utilize first and second storage devices other than hard disc drives so long as the first and second storage devices have comparable operating characteristics (such as read and write access times, random access characteristics, and sufficient capacity to store the data and/or software and provide any required temporary storage for the processor), though not necessarily the same or even similar storage capacity. Therefore high-speed and moderate to high capacity storage devices such as soft disc Bernoulli drives, IOMEGA™-type drives, solid state RAM memories, and other fast access media as are known in the art may be used.

[0102] FIG. 4 illustrates the switch-and-repair process in more detail, according to one embodiment of the invention. The switching copies software from the template data store onto the data store, replacing the unusable software on the data store.

[0103] A number of situations occur where the computer 1 may effect repair without rebooting. For example, if only data files or application executables need to be repaired, then shutting down the operating system booted from the data store 12 is not usually necessary—especially in newer operating systems such as Windows 2000 (Microsoft) and more sophisticated operating systems such as Linux.

[0104] Further, a large number of operating-system files can be repaired (for example, by replacement) without shutting down the operating system. Repairing the operating system without rebooting is a preferred embodiment.

[0105] Still further, for backups (automated or otherwise), continuing to run from the data store already booted may be preferable. Where the computer 1 can become sufficiently quiescent that a backup from the data store 12 to the data store 14 can occur while still booted from the data store 12, then such a backup is quicker than shutting down and backing up the data store 12 while booted from the data store 14.

[0106] Where the data store 12 remains the boot drive when the data store 14 is simultaneously available, the data store 14 may be addressable as other than the boot drive. The address of the data store 14 may be switched similarly to the address switching of the data store 12.

[0107] A Virus-Resistant and Hacker-Resistant Computer

[0108] FIG. 6A illustrates a computer 6 incorporating an embodiment of the invention. The computer 6 may include a CPU 60, volatile memory 61, peripheral controllers 67, 68, first and second non-volatile data stores 62, 64, data port 69, communications link 6A and buses 65, 66, all well known in the art. The computer 6 may also include a data-store switch 6Z.

[0109] The bus 65 may communicatively couple the volatile memory 61, the peripheral controllers 67, 68 and the data port 69 to each other and to the CPU 60. The peripheral controllers 67, 68 may communicatively couple with the data stores 62, 64, respectively. The data port 69 may mediate access to the communications link 6A.

[0110] The bus 66 may communicatively and electrically couple the peripheral controller 67 to the data store 62 and to the boot-store switch 6Z. More specifically, the boot-store switch 6Z may switch the power line 661 of the bus 66, thus powering up or down the boot store 62.

[0111] Likewise, the bus 67 may communicatively and electrically couple the peripheral controller 68 to the data store 64 and to the boot-store switch 6Z. The boot-store switch 6Z may switch the power line 671 of the bus 66, powering up or down the boot store 64.

[0112] The port 69 may link the computer 6 to other devices such as modems, networks, etc., as indicated by the communications link 6A.

[0113] The computer 6 may operate in two states: Connected and Disconnected. In the Disconnected state, the computer 6 does not use the data port 69 to communicate and the data-store switch may enable the data store 62.

[0114] By contrast, in the Connected state, the computer 6 may use the data port 69 to obtain data over the communications link 6A. In the Connected state, the switch may enable the second data store 64.

[0115] Thus, the computer 6 may enable only one of the multiple data stores 62, 64 at any given time, depending on whether it is accessing the communications link 6A. This isolates data received over the communications link 6A to one of the data stores, namely, the data store 64. Where the data received was maliciously created (a virus or a hacking executable), this data is confined to the data store 64.

[0116] The switching of the data stores 62, 64 may be done under manual, hardware or software control. A mechanical switch thrown by the user when the user wishes to access (or cease accessing) the communications link exemplifies a manual switch. A boot-store switch 6Z that responds programmatically to the CPU 60 illustrates a software-controlled switch.

[0117] For example, if the user boots an Internet browser and the communications link 6A is the Internet, then the CPU 60 may programmatically recognize the (intended) launch of a browser and initiate the switch of the data stores 62, 64. The switch may involve re-booting the computer 6 in order to make the second data store 64 the only data store available during the use of the communications link 6A. (A browser on the data store 64 may launch automatically on the boot from the data store 64.)

[0118] In one embodiment, the computer may synchronously switch the port 69 and the second boot store 64. This may improve the resistance of the computer 6 to hacking or infection.

[0119] FIG. 6A illustrates the enabling of the data store 62 in conjunction with the defeat of access to the communications link 6A. The solid line continuing the power line 661 through the boot-store switch 6Z illustrates the accessibility of the data store 62. Conversely, the dashed line through the switch 6Z illustrates the inaccessibility of the data store 64.

[0120] FIG. 6B illustrates the enabling of the data store 64 in order to support access to the communications link 6A. The solid power line through the boot-store switch 6Z illustrates the accessibility of the data store 64. Conversely, the dashed line through the switch 6Z illustrates the inaccessibility of the data store 62.

[0121] The data store 64 may contain application software to process the data received over the link 6A. In such a setting the need to migrate the data on the data store 64 to the data store 62 may be minimal or non-existent.

[0122] Where, however, the application to process the data received over the link 6A and stored on the store 64 resides on the data store 62, then a process of migration is necessary. A predetermined time after receiving data over the link 6A, the computer may simultaneously enable the data stores 62, 64 and copy the data received to the data store 62 for processing there. The delay allows, for example, anti-virus software providers to produce and distribute security software addressing threats that have come to light since the time of receipt of the data.

[0123] The migration process may be manual or automatic.
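The Connected/Disconnected operation of the computer 6 and the delayed migration of [0122], as an added model that is not part of the patent: the switch 6Z enables exactly one store per state, data from the link 6A can only land on the store 64, and migration to the store 62 happens only after the quarantine delay, skipping anything a (possibly newer) signature set now flags. The clock, file names and signature bytes are constructed.

```python
"""Model of the two-state, two-store computer 6 of FIGS. 6A/6B.

Added illustration, not code from the patent: the boot-store switch 6Z
enables exactly one data store at a time, data from the link 6A can only be
written to the store 64, and a delayed migration copies it to the store 62.
"""
from dataclasses import dataclass, field

DISCONNECTED = "Disconnected"   # port 69 unused, store 62 enabled (FIG. 6A)
CONNECTED = "Connected"         # port 69 in use, store 64 enabled (FIG. 6B)


@dataclass
class Received:
    name: str
    content: bytes
    received_at: int            # seconds on a constructed clock


@dataclass
class Computer6:
    quarantine_seconds: int     # the "predetermined time" of [0122]
    clock: int = 0
    state: str = DISCONNECTED
    store_64: dict = field(default_factory=dict)   # reachable from the link
    store_62: dict = field(default_factory=dict)   # never on the link
    signatures: set = field(default_factory=set)   # constructed AV feed

    def enabled_stores(self):
        """The switch 6Z powers exactly one store in each state."""
        return {DISCONNECTED: ("62",), CONNECTED: ("64",)}[self.state]

    def throw_switch(self, state):
        """Manual, hardware or programmatic switch ([0116])."""
        self.state = state

    def receive(self, name, content):
        """Data over the link 6A is accepted only while Connected, and then
        only the store 64 exists as far as the CPU is concerned ([0115])."""
        if self.state != CONNECTED:
            return False                       # port 69 is not usable
        assert self.enabled_stores() == ("64",)
        self.store_64[name] = Received(name, content, self.clock)
        return True

    def add_signature(self, sig):
        """A signature published after receipt, which the delay is for."""
        self.signatures.add(sig)

    def flagged(self, item):
        return any(sig in item.content for sig in self.signatures)

    def migrate(self):
        """Both stores are enabled for the copy; only items older than the
        quarantine and not flagged move to the store 62 ([0122])."""
        moved, held = [], []
        for name, item in list(self.store_64.items()):
            too_new = self.clock - item.received_at < self.quarantine_seconds
            if too_new or self.flagged(item):
                held.append(name)
                continue
            self.store_62[name] = item.content
            del self.store_64[name]
            moved.append(name)
        return moved, held
```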

[0124] A Lockable Network Computer

[0125] FIG. 7A illustrates a computer 7 incorporating an embodiment of the invention. The computer 7 may include a CPU 70, volatile memory 71, a peripheral controller 77, a non-volatile data store 72, a data port 79, a communications link 7A and buses 75, 77, all well known in the art. The computer 7 may also include a switch 7Z.

[0126] The bus 75 may communicatively couple the volatile memory 71, the peripheral controller 77 and the data port 79 to each other and to the CPU 70. The peripheral controller 77 may communicatively couple with the data store 72. The data port 79 may mediate access to the communications link 7A.

[0127] The bus 77 may communicatively or electrically couple the data port 79 to the communications device 7B.

[0128] The port 79 may link the computer 7 to other communicators through a communications device 7B and over a communications link 7A. Examples of the communications device 7B and link 7A include an acoustic modem 7B and a POTS telephone line 7A; a tap 7B and an Ethernet 7A; and a wireless modem 7B and radiation-permeable space 7A.

[0129] The switch 7Z may switch a power line 771 of the bus 77, thus powering up or down the communications device 7B. The switch 7Z may switch (tri-state, for example) a data line 771 of the bus 77, thus interrupting or enabling the ability of the communications device 7B to transfer data to the data port 79.

[0130] The computer 7 may operate in two states: Network Connected and Network Disconnected. FIG. 7A illustrates the computer 7 in its Network Disconnected state, while FIG. 7B illustrates the computer 7 in its Network Connected state. (The solid line continuing the power line 761 through the switch 7Z illustrates the continuity of the power or data line 771, and the dashed line through the switch 7Z illustrates the discontinuity of that line 771.)

[0131] In the Network Disconnected state, the switch 7Z may disconnect the communications device 7B from communicating on the data port 79. Accordingly, none of the software running on the computer 7 may access the communications link 7A.

[0132] By contrast, in the Network Connected state, the switch 7Z may enable the communications device 7B to communicate on the data port 79. Accordingly, software on the computer 7 may access the communications link 7A.

[0133] An exemplary use for the computer 7 is where a parent uses the computer 7 to access, say, his employer's computer network via a virtual private network (VPN) over the Internet 7A. The parent also wants his child to be able to use the computer 7 for school or recreation—but without access to the Internet 7A. The parent thus switches the computer 7 into the Network Connected state when he (the parent) wants to use it, and switches the computer 7 into the Network Disconnected state when the child is to use the computer 7.

[0134] The switching may be done under manual, hardware or software control. A mechanical switch thrown by the user when the user wishes to access (or cease accessing) the communications link 7A exemplifies a manual switch. A mechanical switch that may be locked with a key, for example, is preferable.

[0135] A switch 7Z that responds programmatically to the CPU 70 illustrates a software-controlled switch 7Z. (The CPU 70 may respond to any kind of input, including keystrokes, voice commands, biometric data and data received over a network.) A hardware switch 7Z may be considered as an analog computer.

[0136] A computer 7 running an operating system that supports hot swapping offers an advantage. The addition and removal of the communications device 7B from the computer 7 may confuse OSs that do not permit hot swapping of peripherals.

[0137] A Multi-Data Store Server

[0138] FIG. 8 illustrates a computer 8 incorporating an embodiment of the invention. The computer 8 may include a CPU 80, volatile memory 81, a peripheral controller 87, multiple non-volatile data stores 82 a, 82 b, . . . 82α, a data port 89, a communications link 8A and a bus 85, all well known in the art. The computer 8 may also include a data-store switch 8Z and a bus 86 consisting of the buses 861 or 862.

[0139] The bus 85 may communicatively couple the volatile memory 81, the peripheral controller 87 and the data port 89 to each other and to the CPU 80. The data port 89 may mediate access to the communications link 8A.

[0140] The peripheral controller 87 may communicatively couple with the data-store switch 8Z. The data-store switch 8Z in turn may communicatively or electrically couple to the data stores 82. The bus 861 may communicatively couple the data path of the switch 8Z to those of the data stores 82, and the bus 862 may electrically couple a power supply in or through the switch 8Z to the data stores 82.

[0141] The data port 89 may mediate access to the communications link 8A. The port 89 links the computer 8 to other communicators over the communications link 8A.

[0142] The computer 8 may operate in any of N states, where N is the number of data stores 82. In a first state, the data-store switch 8Z enables the first data store 82 a to communicate with the peripheral controller 87. In the second state, the switch 8Z enables the second data store 82 b to communicate with the peripheral controller 87, and in the Nth state, the switch 8Z enables the Nth data store 82α to communicate with the peripheral controller 87.

[0143] The corruption or other failure of the data store 82 currently communicating with the controller 87 prompts the switching from one state to another, and thus from the failed data store to another, working data store 82. (The failed data store 82 may then be repaired in place, or it may be removed and repaired, removed and replaced, or removed permanently.)

[0144] Where, for example, the computer 8 is a web server and the communications link 8A is the Internet, the multiple data stores 82 may provide resistance against infection and hacking by malicious users of the Internet 8A.

[0145] If the hackers succeed in corrupting the data store currently attached to the peripheral controller, then a switching may occur from that corrupted data store 82 to another correct data store 82. This switching may occur very quickly (preferably as quickly as possible) in order to minimize the loss of access to the data on the data stores 82.

[0146] The switching may be manual, hardware or programmatic. For example, a diagnosis program may execute periodically to determine the health of the currently accessible data store 82.
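The N-state switch 8Z with the periodic diagnosis program of [0146], as an added model that is not part of the patent: only the active store receives power and data, the diagnosis compares the active store against the digest of the image it was provisioned from, and a mismatch fails over to the next store still known to be sound. The store names, the web-root image and the digest-based health check are assumptions for the illustration.

```python
"""Model of the N-state data-store switch 8Z of FIG. 8.

Added illustration, not code from the patent: stores 82a..82N sit behind the
one controller 87, exactly one of them is on the data bus 861 and the power
bus 862, and a periodic digest check of the live store drives the failover.
"""
import hashlib


def digest(content):
    return hashlib.sha256(bytes(content)).hexdigest()


class DataStoreSwitch8Z:
    def __init__(self, stores):
        # stores: {name: bytes} in switch order, all provisioned from a
        # known-good image whose digest serves as the health reference
        self.names = list(stores)
        self.contents = {n: bytearray(c) for n, c in stores.items()}
        self.reference = {n: digest(c) for n, c in stores.items()}
        self.healthy = {n: True for n in self.names}
        self.state = 0                  # index of the store on buses 861/862
        self.log = []                   # (event, ...) tuples for the operator

    @property
    def active(self):
        return self.names[self.state]

    def enabled(self):
        """Exactly one store is powered and on the data path at a time."""
        return {n: (n == self.active) for n in self.names}

    def write(self, name, offset, data):
        """The controller 87 reaches only the active store, so whoever
        corrupts the live store cannot touch the powered-down ones."""
        if not self.enabled()[name]:
            return False
        self.contents[name][offset:offset + len(data)] = data
        return True

    def diagnose(self):
        """Periodic health check of the active store ([0146]). On a digest
        mismatch the store is marked failed and the switch fails over.
        Returns the name of the store that is live afterwards."""
        if digest(self.contents[self.active]) == self.reference[self.active]:
            return self.active
        self.healthy[self.active] = False
        self.log.append(("failed", self.active))
        return self.failover()

    def failover(self):
        """Advance to the next sound store in switch order ([0143])."""
        n = len(self.names)
        for step in range(1, n + 1):
            candidate = self.names[(self.state + step) % n]
            if self.healthy[candidate]:
                self.log.append(("switch", self.active, candidate))
                self.state = self.names.index(candidate)
                return candidate
        raise RuntimeError("no working data store 82 left to switch to")

    def repaired(self, name, content):
        """A store repaired in place or replaced ([0143]); it is only
        considered sound again if it matches the provisioning image."""
        self.contents[name] = bytearray(content)
        self.healthy[name] = digest(content) == self.reference[name]
        return self.healthy[name]
```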

[0147] A Computer With Peripherals That can be Cycled

[0148] FIG. 9A illustrates a computer 9 incorporating an embodiment of the invention. The computer 9 may include a CPU 90, volatile memory 91, controllers 97, 98, a non-volatile data store 92, a port 99, a peripheral 9B and buses 95, 97, all well known in the art. The computer 9 may also include a switch 9Z.

[0149] The bus 95 may communicatively couple the volatile memory 91 and the controllers 97, 98 to each other and to the CPU 90. The controller 97 may communicate with the data store 92. The controller 98 may communicate with the peripheral 9B.

[0150] The bus 97 may communicatively or electrically couple the port 99 (and thus the controller 98) to the peripheral 9B.

[0151] The peripheral 9B may be any computer peripheral. Examples include printers, USB devices, scanners, fax machines, data stores and keyboards.

[0152] The switch 9Z may switch a power line 971 of the bus 97, thus powering up or down the peripheral 9B. The switch 9Z may switch one or more data lines 972 of the bus 97, thus disabling or enabling the peripheral 9B to transfer data to the port 99.

[0153] A user of the computer 9 may be using the peripheral 9B, transmitting data to or receiving data from the device 9B as expected. The switch 9Z is supplying power to the peripheral 9B.

[0154] At some point, the computer 9 becomes unable to communicate with the peripheral 9B. This may be caused by an error in the software or hardware of the computer 9, including software or logic of the peripheral 9B.

[0155] The user attempts to revive communications with the peripheral 9B. The user may, for example, cycle the power to the peripheral 9B. Thus, the user changes the state of the switch 9Z such that the switch 9Z goes from powering the peripheral 9B, to not powering that peripheral 9B, to again powering that peripheral 9B. This switching may be done manually, in hardware, or programmatically.

[0156] The cycling of the peripheral 9B may resolve the communication problem that the user was experiencing. For example, where the problem was with the software or logic of the peripheral 9B, then the power cycling may clear the software or logic state of the peripheral 9B. Where the problem was with the software or logic of the computer 9, cycling the power may clear the software or logic state of the controller 97 or applications running in the memory 91.

[0157] FIG. 9B illustrates an alternate embodiment of the computer 9. The switch 9Z switches both power and data lines.

[0158] A Multi-User Computer

[0159] FIG. 5 illustrates a computer 5 incorporating an embodiment of the invention. The computer 5 may include a CPU 50, volatile memory 51, a peripheral controller 57, multiple non-volatile data stores 52 a, 52 b, . . . 52α and a bus 55, all well known in the art. The computer 5 may also include a data-store switch 5Z and a bus 56 consisting of the buses 561 or 562.

[0160] The bus 55 may communicatively couple the volatile memory 51, the peripheral controller 57 and the data port 59 to each other and to the CPU 50.

[0161] The peripheral controller 57 may communicatively couple with the data-store switch 5Z. The data-store switch 5Z in turn may communicatively or electrically couple with the data stores 52. The bus 561 may communicatively couple the data path of the switch 5Z to those of the data stores 52, and the bus 562 may electrically couple a power supply in or through the switch 5Z to the data stores 52.

[0162] The computer 5 may operate in any of N states, where N is the number of data stores 52. In a first state, the data-store switch 5Z enables the first data store 52 a to communicate with the peripheral controller 57. In the second state, the switch 5Z enables the second data store 52 b to communicate with the peripheral controller 57, and in the Nth state, the switch 5Z enables the Nth data store 52α to communicate with the peripheral controller 57. Only one data store 52 may access the peripheral controller 57 at any given time.

[0163] In one embodiment, the computer 5 has only one controller with multiple devices. In another embodiment, the computer 5′ has multiple controllers, each with respective multiple peripherals. The switching then switches among the multiple peripherals of the first controller, the multiple peripherals of the second controller, etc. (The multiple controllers need not have the same number of multiple peripherals.)

[0164] Each data store 52 may contain self-contained software for a respective user or group of users. Each data store 52 may contain a bootable operating system, and optionally such application or data files as the user(s) corresponding to the data store 52 may require or desire.

[0165] Each user or group of users may use only a predetermined one (or more) of the data stores 52. Thus, before using the computer 5, a user sets the switch 5Z to the predetermined position enabling the data store 52 corresponding to that user to communicate via the controller 57.

[0166] In this way, a first user's data is separated from a second user's data on the same computer. The computer 5 more effectively separates users' data by enforcing security at a physical level rather than at the logical (software-enforced) level typical of multi-user operating systems.

[0167] In this scenario, re-booting between switches is desirable. Re-booting clears out the memory 51 in the switch from one user to another. Also desirable is a multi-key, multi-position lock. Any one key may turn the lock to any one predetermined position, enabling one corresponding data store 52.

[0168] The invention now being fully described, one of ordinary skill in the art will readily recognize many changes and modifications that can be made thereto without departing from the spirit of the appended claims. For example, in addition to switching software, data stores or other peripherals as described above, a computer may also switch properly functioning hardware for malfunctioning hardware. Indeed, in a computer with multiple mother boards, a switch may switch the functioning components of a computer from one board to another.

[0169] Also, while the description above usually uses data stores as the devices to switch, one of skill in the art will now readily realize that other computer components may be switched, including logic boards, ROM and controllers.

[0170] Under certain circumstances, danger or damage may follow from switching when power is supplied. Accordingly, a switch may be deactivated when such danger or damage may result. Logic such as the controller 1A may prevent dangerous or damaging switching by tracking power states, device identities, etc. and permitting switching, for example, only when no electrical current is flowing to the devices to be switched.

[0171] Preferably, the switch is located in an easy-to-reach location. This contrasts with the typical location of USB, keyboard and other ports, for example.

[0172] Some additional or optional features and characteristics of embodiments of the invention are now described.

[0173] The repair scripts made backups of the user's data storagedevice, reformatted the data storage device as necessary, and thenreplaced some or all of the operating system data, and/or other settingsand/or data. These repair scripts and programs were loaded onto theprototype, and after a few adjustments, we got the contraption working.

[0174] For the first time, in conjunction with a combination of ourrepair scripts and programs, a user could just turn a switch on theircomputer and the computer would fix itself.

[0175] Here is a different example using our switching system, inconjunction with programs and/scripts, to perform a backup and repairprocess for a malfunctioning hard drive:

[0176] Two hard drives can be connected to a “regular” computer.

[0177] A single toggle switch can be mounted on the front of thecomputer, or any location.

[0178] Both hard drives are controlled by our special switching systemthat can control their “Device IDs” and/or “master” and “slave”settings, and power.

[0179] Hard drive 1 is a “typical computer user's” hard drive with an OS(such as but not limited to a rotating magnetic hard disc drive), a fewapplications, documents, and e-mail. Its device identity is set as the“master” hard drive.

[0180] Hard drive 2 can be partitioned into 3 partitions: a) a“start-up” partition b) a “master” partition and c) a “backup”partition. Partition “a” is configured to be the “booting” partition.

[0181] During “normal” use, our switching system switches hard drive 2'sdevice identity to be a “master” hard drive, but our switching systemalso turns off hard drive 2's power.

[0182] In partition “a” we have a perfectly functioning OS and relatedsoftware to control the repair process. In partition “b” we have exactlythe same OS and exactly the same applications as on hard drive 1, in a“pristine state” with no “defects”. Partition “c” is blank at this pointin the process because the machine is new and “backups” have not yetbeen made.

[0183] A program that copies data from hard drive 1 to hard drive 2 canthen execute periodic “backups” of the user's data (e.g. the “MyDocuments” folder, email) to partition c of hard drive 2. These backupsmay be uncompressed, compressed, or represented by an algorithm. Theprogram can be stored on any device that can store data (hard drive 1 ora flash ROM chip are two examples).

[0184] This copying procedure can be made possible, for example, byutilizing a program that initiates the switching process (which switchesthe power “on” to hard drive 2 and gives it the “slave” device ID) atperiodic intervals (that could be adjusted by the user) in conjunctionwith scripts that copy the user's documents and email to the “backup”partition “c”. Each backup that is created may be given a uniquetime/date stamp so that when the user needs his/her data back s/he canchoose from multiple “backups.”

[0185] Various parts of the OS, application software, or any other dataon hard drive 1 could then be damaged, deleted, corrupted, or destroyed.The hard drive could even have “bad blocks” and/or sectors, and/or evenphysical damage on the surface of the hard drive. The corruption of harddrive 1 could be so terrible that the computer could not even “boot up.”We could then repair it:

[0186] “Flip” the “toggle switch” and the following switching processoccurs:

[0187] Our switching system then switches the “device ID” settings sothat hard drive 1 becomes the “slave” drive, power is then connected tohard drive 2, and hard drive 2 is switched to become the new device IDof “master.”

[0188] The script that creates “backups” could then execute again andcopy all or selective data from hard drive 1 (for this example, it couldcopy the user's “My Documents” folder and/or email.) to Partition “c” ofhard drive 2.

[0189] Another script could then run on hard drive 2 that wouldcompletely reformat hard drive 1. It could also map the “bad blocks” onthe hard drive.

[0190] Then another script could run on hard drive 2 that copies the“perfectly functioning” copy of the OS and applications from partition“b” over to hard drive 1.

[0191] Optionally, a script could then run that asks the user which copyof the “backups” from partition “c” the user would like to revert to.Upon choosing a particular backup, the “My Documents” folder and email(from partition “c” on hard drive 2) would then be copied back to harddrive 1.

[0192] When it finishes copying, another new script could run thatshuts-down the computer and its hard drives.

[0193] The user could then “flip” our switch again and it would switch the “device ID” back to “master” for hard drive 1, switch hard drive 2 to “slave” and cut its power.

[0194] The user could then restart the computer, and it would boot up normally into the freshly reformatted hard drive 1, with its freshly copied OS and applications and its freshly copied “My Documents” folder; the malfunctioning behavior would thus be repaired.

[0195] By switching data storage device IDs and/or power, and/or network connection, and/or other means, data storage devices can be connected to a computer in such a way that one or more of the data storage devices can be isolated from other data storage devices, and/or isolated from network connections.

[0196] Thus, if a hacker or virus were to enter a data storage device that was connected to a network, said hacker or virus could only access that one data storage device, because the other data storage devices were “separated” by the Switching System. This network-connected data storage device could be devoid of user data.

[0197] Also, a user could switch from one data storage device that was “private” or “isolated” from the network (by using our switching system) to a different data storage device that was exposed to the network but was “empty” of the user's personal data. Thus, a hacker would not be able to access the user's private data storage device, but only the one containing no user data.

[0198] Master Template: A master template is a collection of software that consists of one or more of the following: operating system, applications, whatever else the user and/or maker of the template wants to put on it, and/or default/user preferences and settings. It is created by copying said software onto a data storage device (or partition) that is defined as a Master Template Storage Device.

[0199] The repair process can function in a number of different ways. For example, it can be user controlled, it can take place on a schedule, and/or on startup, shutdown, etc.

[0200] The master template may be a “perfect” installation of the system and software and/or data that a user wants and/or that is required and/or desired on their computer/computing device, which may also have been checked for conflicts and/or errors, said errors then being corrected by an IT professional.

[0201] There are a number of ways to create a master template. For example: an original “perfect” installation (where errors may have been identified and corrected) can be made on the user data storage device and then copied, or installed, to a second data storage device that contains the master template.

[0202] It can be created on another computer elsewhere and downloaded via a network to reside on the user's computer.

[0203] It can be created and/or reside on a data storage device located on a computer elsewhere, and run across a network to repair the user's computer.

[0204] It can be created on the storage device and/or partition used to store the master template.

[0205] When the master template is created elsewhere and “run”, or installed, over a network, or created on a different data storage device than the user data storage device, then shortcuts and/or aliases may need to be modified to work properly when they are copied to the user data storage device. In this case, during the copy process, the code fixes those shortcuts and/or aliases to point them to the correct item on the user data storage device.
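As an added illustration of the alias fix-up in that copy step (example code written for this page, not code from the patent), the following Python copies a template tree to a user device and rewrites every alias (modelled here as a symbolic link) whose absolute target lies inside the template so that it points at the corresponding item on the destination, while leaving relative aliases and aliases to items outside the template untouched. The directory names, the use of symlinks as the alias form, and the `demo()` fixture are assumptions made for the example.

```python
"""Copy a master template to a user data storage device, fixing aliases.
Added example for this page (not the patent's code).  Aliases are modelled
as symbolic links; a Windows .lnk shortcut would need its own target
rewriter, but the decision logic below is the same."""
from __future__ import annotations

import os
import shutil
import tempfile
from pathlib import Path


def rewrite_alias_target(target: str, src_root: Path, dst_root: Path) -> str:
    """Decide what target a copied alias should carry.

    - relative targets stay as they are: they remain valid after the copy;
    - absolute targets inside the template are re-pointed into the destination;
    - absolute targets outside the template are left alone.
    """
    if not os.path.isabs(target):
        return target
    try:
        rel = Path(target).relative_to(src_root)
    except ValueError:                      # not inside the template tree
        return target
    return str(dst_root / rel)


def copy_template(src_root: Path, dst_root: Path) -> list[tuple[str, str]]:
    """Copy src_root to dst_root; return (alias path, new target) for each rewritten alias."""
    src_root, dst_root = src_root.resolve(), dst_root.resolve()
    rewritten: list[tuple[str, str]] = []
    for dirpath, dirnames, filenames in os.walk(src_root):   # symlinked dirs are not followed
        here = Path(dirpath)
        rel_dir = here.relative_to(src_root)
        (dst_root / rel_dir).mkdir(parents=True, exist_ok=True)
        for name in dirnames + filenames:
            src, dst = here / name, dst_root / rel_dir / name
            if src.is_symlink():
                old = os.readlink(src)
                new = rewrite_alias_target(old, src_root, dst_root)
                os.symlink(new, dst)
                if new != old:
                    rewritten.append((str(dst), new))
            elif src.is_file():
                shutil.copy2(src, dst)
    return rewritten


def demo() -> dict:
    """Constructed fixture: a tiny template with three kinds of alias, copied to a user device."""
    base = Path(tempfile.mkdtemp()).resolve()
    src, dst = base / "template", base / "user_dsd"
    (src / "apps").mkdir(parents=True)
    (src / "apps" / "editor.exe").write_text("constructed application payload")
    (src / "Desktop").mkdir()
    os.symlink(str(src / "apps" / "editor.exe"), src / "Desktop" / "Editor")  # absolute, inside template
    os.symlink("../apps/editor.exe", src / "Desktop" / "Editor-rel")          # relative
    os.symlink("/nonexistent/elsewhere", src / "Desktop" / "Outside")         # absolute, outside template
    rewritten = copy_template(src, dst)
    return {
        "dst_root": str(dst),
        "rewritten": rewritten,
        "abs_target": os.readlink(dst / "Desktop" / "Editor"),
        "rel_target": os.readlink(dst / "Desktop" / "Editor-rel"),
        "outside_target": os.readlink(dst / "Desktop" / "Outside"),
        "abs_resolves_to_copy": (dst / "Desktop" / "Editor").resolve() == dst / "apps" / "editor.exe",
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

Only the alias whose absolute target was inside the template is rewritten; the relative alias still works because the copy preserves the tree layout, and the alias to a location outside the template is deliberately left alone, since the copy has no way to know what the correct replacement would be.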

[0206] The Switching Process can switch data storage device power on and off, thus “hiding” and “un-hiding” the device; that is, switching between making the device inaccessible and accessible.

[0207] A network accessible data storage device could usually be switched partially or completely off, and/or the network connection could be switched off, and/or the network accessible data storage device could be “un-mounted.” The network accessible data storage device could: 1) only be mounted and/or connected to the network, and/or turned on, when used for sending and/or receiving data on the network; or 2) always be network accessible; or 3) sometimes be network accessible.

[0208] Optionally, the network accessible data storage device could be limited to containing only non-sensitive software, and/or outgoing data waiting to be uploaded or sent.

[0209] Optionally, programs could exist on the network accessible data storage device that enable mail to be sent and/or received, but not opened.

[0210] Multiple communication cards with various identities may be used to switch identities and send/receive data. A computer send/receive function may be set up like a shell game, where the identity is changing rapidly and the data storage device is on-line for as short a time as possible, for example just long enough to send and/or receive, and then it is taken off line. Rather than using a separate drive for viewing data, software would not allow viewing until the drive was off line; then, before going back on line, software would transfer all data except outgoing data to quarantine.

[0211] The Entertainment Center consists of electrical connections, holders, fittings, etc. on the inside, outside, and/or integrated into the body of a computing device that provide the ability for the user (or manufacturer) to hook up anything they want that may interact with the computer and provide entertainment, education, artistic value, etc. For example, the outside of a computer can be covered in part, or completely, with electrical connections that allow a user to attach devices.

[0212] Anti-theft system: The Anti-theft system can contain one or more of the following: cellular phone technology, a global positioning system, a transmitter/receiver, a means of identifying the user, an extra data storage device, logic control, and a switching process. Using all or some of these devices, it can use any means of identification to identify the user. If the user does not match the authorized user, the following events can occur:

[0213] 1) The user data storage device is switched off and is thus “hidden”.

[0214] 2) A “bogus,” but normal looking, data storage device is switched “on” and mounts (optionally its ID may be switched). It may optionally have a hidden partition that is protected from being erased. Software executes that may be hidden and/or misnamed, and/or otherwise would not draw attention from the user, and sends out the machine location to, for example, the police, the owner's e-mail address, or a security service. Information can also be transmitted using any type of transmitter, for example a cellular phone call, and/or be sent over a network and/or the internet. The anti-theft process could also be triggered by a phone call.

[0215] If the user identity doesn't match the authorized user, the device may hide the user data storage device, switch to the “rigged” data storage device, and also may turn on a global positioning system transmitter to identify the location of the computer.

[0216] When the location of the computer is identified, it can be tracked, even if it is moving.

[0217] The repair process can (optionally) utilize a comparative process that compares the software on the user data storage device to a perfect Master Template. By monitoring user processes, we can monitor the state of the user template, be aware of changes (optionally, keeping a database of changes and/or differences between the user data storage device and the master data storage device), and rapidly repair the user data storage device (on the fly) as needed based on that database, reset connections, and reset memory if needed.

[0218] As an option, the system does not need to discard (and/or overwrite) user documents, email, etc., so if there is a freeze or corruption problem only the system software and/or the offending software that is having a problem can be repaired, and just those components that differ from the master can be replaced.

[0219] Optionally, the user operating system and/or applications and/or data, the Master Template, and the repair process can be run in volatile memory, enabling a fast repair process to perform much more quickly, especially if a comparative repair process is used that repairs problems as they occur. Thus, if a “process watcher” is used to detect a problem, the fast repair process can happen so quickly that it may not even be noticed by the user.
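The comparative repair of [0217] through [0219] can be demonstrated as an integrity-manifest check. The following Python is an added example written for this page, not the patent's code: it hashes every file of a Master Template into the “database of differences”, classifies the user device against it, restores only the components that differ, moves unexpected files found outside the user-data areas to a quarantine folder (rather than deleting them), and leaves the user's own documents untouched. The directory layout, the protected prefixes and the `demo()` fixture are assumptions made for the example.

```python
"""Comparative on-the-fly repair against a Master Template.
Added example for this page (not the patent's code): the template manifest is
the 'database of differences'; repair touches only what differs and never
overwrites the user-data areas in PROTECTED_PREFIXES (an assumed layout)."""
from __future__ import annotations

import hashlib
import os
import shutil
import tempfile
from pathlib import Path

PROTECTED_PREFIXES = ("Documents/", "Mail/")   # user documents/mail: never restored or quarantined


def build_manifest(root: Path) -> dict[str, str]:
    """Relative POSIX path -> SHA-256 of content for every regular file under root."""
    manifest: dict[str, str] = {}
    for dirpath, _, filenames in os.walk(root):
        for name in filenames:
            p = Path(dirpath) / name
            if p.is_file():
                manifest[p.relative_to(root).as_posix()] = hashlib.sha256(p.read_bytes()).hexdigest()
    return manifest


def diff_against_template(template_manifest: dict[str, str], user_root: Path) -> dict[str, list[str]]:
    """Classify the user device: changed (hash differs), missing, extra (unknown to the template)."""
    user = build_manifest(user_root)
    return {
        "changed": sorted(r for r, d in template_manifest.items() if r in user and user[r] != d),
        "missing": sorted(r for r in template_manifest if r not in user),
        "extra": sorted(r for r in user if r not in template_manifest),
    }


def repair(template_root: Path, user_root: Path, template_manifest: dict[str, str],
           quarantine_root: Path) -> dict:
    """Restore differing template components; quarantine unknown files outside user-data areas."""
    d = diff_against_template(template_manifest, user_root)
    restored, quarantined, preserved = [], [], []
    for rel in d["changed"] + d["missing"]:
        if rel.startswith(PROTECTED_PREFIXES):      # the template never wins over user data
            preserved.append(rel)
            continue
        dst = user_root / rel
        dst.parent.mkdir(parents=True, exist_ok=True)
        shutil.copy2(template_root / rel, dst)
        restored.append(rel)
    for rel in d["extra"]:
        if rel.startswith(PROTECTED_PREFIXES):
            preserved.append(rel)
            continue
        q = quarantine_root / rel                   # moved rather than deleted: kept for analysis
        q.parent.mkdir(parents=True, exist_ok=True)
        shutil.move(str(user_root / rel), str(q))
        quarantined.append(rel)
    after = diff_against_template(template_manifest, user_root)
    clean = not after["changed"] and not after["missing"] and \
        all(r.startswith(PROTECTED_PREFIXES) for r in after["extra"])
    return {"restored": sorted(restored), "quarantined": sorted(quarantined),
            "preserved": sorted(preserved), "clean_after": clean}


def _write(root: Path, rel: str, body: str) -> None:
    p = root / rel
    p.parent.mkdir(parents=True, exist_ok=True)
    p.write_text(body)


def demo() -> dict:
    """Constructed fixture: a template, a damaged clone of it, and one repair pass."""
    base = Path(tempfile.mkdtemp())
    template, user, quarantine = base / "template", base / "user", base / "quarantine"
    _write(template, "System/kernel.bin", "constructed good kernel")
    _write(template, "Apps/editor.exe", "constructed good editor")
    manifest = build_manifest(template)           # taken while the template is in its ideal state
    shutil.copytree(template, user)
    _write(user, "Apps/editor.exe", "corrupted")           # application damaged
    (user / "System" / "kernel.bin").unlink()              # system file lost
    _write(user, "System/dropper.exe", "unexpected")       # binary the template never had
    _write(user, "Documents/thesis.txt", "the user's own work")
    report = repair(template, user, manifest, quarantine)
    report["thesis_intact"] = (user / "Documents" / "thesis.txt").read_text() == "the user's own work"
    report["dropper_in_quarantine"] = (quarantine / "System" / "dropper.exe").is_file()
    return report
```

A “process watcher” would call `diff_against_template` on a timer or on a detected fault and invoke `repair` only when the classification is non-empty; the manifest must be taken while the template is known good and kept on the isolated (master) side, since a manifest that the exposed side can rewrite proves nothing.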

[0221] The Anti-virus/Anti-hacker system can switch back and forth between a “side” of a computer connected to the internet and a “side” that is isolated from the internet, by use of a hardware and/or software switching process. The isolation is only as strong as the switch: a switch implemented in software on the internet-connected side can be operated by whatever has compromised that side, whereas switching device power or device IDs in hardware cannot be undone by software running on the exposed side.

[0222] One option is for the “Backup and/or Repair” system to keep and/or utilize one or more perfect master template(s) of the user's data storage devices, and it can back up and archive the user's data using software or scripts (which can, for example, be located on a StorExecute (see definition)) that “back up” or copy data from one data storage device to another. When the data storage device has a “problem,” the “Backup and/or Repair” system can use its switching features to access the perfect master template(s), and/or the backup(s) and/or archive(s), and may use some scripts and/or programs (which can, for example, be located on a StorExecute (see definition)) to restore the computer to a functioning state. Rather than using a master template, the “Backup and/or Repair” system can also conduct the repair from a backup and/or archive on a separate data storage device.

[0223] Additional embodiments and aspects of the invention are now described. It will be noted that the invention further provides an apparatus and method of supporting the backup and recovery of a computing device. The computing device will typically include both a user computing environment and a supporting environment which enhances the stability and functionality of the user computing environment.

[0224] On-the-Fly Repair of a Computer

[0225] Embodiments of processes, different computing systems, snap-shot of data, monitoring, recovery, application configuration and application output are now described in turn.

[0226] Exemplary Processes

[0227] In one embodiment, a plurality of computing processes may be utilized to enable the On-the-Fly invention. Here, individual computing processes may monitor, track, predict the stability of, back up, restore, or recover attributes within the user computing environment. The attributes may be software specific, data specific, operating system specific, or any combination. Utilization of the plurality of computing processes can facilitate the normal operation of the user computing environment. In one embodiment the user computing environment may be stabilized without user intervention such as requiring the user to shut down, restart, log off, log on, or terminate applications. In one embodiment the supporting environment may have a capability of interacting with the user computing environment. In one embodiment the supporting environment may be capable of initiating or causing the user computing environment to shut down, restart, log off, log on, or terminate applications.

[0228] Different Computing Systems

[0229] In one embodiment the user computing environment and the supporting environment function in different computing systems. The two computing systems may reside in a common box. The user computing system may consist of data storage devices, RAM, processor, video card, and other attributes known in the art to facilitate a computing system. The supporting computing system may consist of a master template data storage device, RAM, processor, and other attributes known in the art to facilitate a computing system. In one embodiment, the data storage devices may be linked as needed to perform repairs, such as when data must be copied from the support environment to the user environment.

[0230] Snap-Shot of Data

[0231] In one embodiment, the present invention takes a snap-shot of the user computing environment. This snap-shot may subsequently be utilized to restore, analyze, or enhance the stability of the user environment. The snap-shot may include a stable image of the operating system, software applications, or user data. The snap-shot may contain an idealized or stable version of a disk drive utilized by the user environment, or a subset of the disk drive such as an individual partition. The snap-shot may also include an idealized version or image of the user system RAM, user system disk drive, user system partition image, memory of the video card, or any other memory stored or utilized in the user computing environment. These snapshots may be stored in the associated support environment data storage device.

[0232] Monitoring

[0233] The supporting environment may monitor the user environment. The monitoring may include monitoring of processes running or enabled within the user environment. The monitoring may include monitoring the utilization of the data storage device, the data contained on the data storage device, and other aspects necessary for the normal operation of the user environment. This monitoring may facilitate identifying undesired changes, potential problems and also potential solutions. The supporting system may detect a freeze or other undesirable change within the user environment.

[0234] Recovery

[0235] When an undesirable change is detected in the user environment, the supporting environment may attempt to recover, restore or repair the user environment. The supporting system may be capable of re-enabling the user environment in a number of ways, such as resetting the keyboard in the event the keyboard locks the communication of keystrokes to the user environment. Further recovery of the user environment may be supported by resetting connections such as described by “Freezebuster”, resetting and clearing devices as needed, replacing defective software components as needed, and/or switching hardware components and/or devices as needed. The supporting environment and/or supporting system may copy all or part of the data from one or more of the idealized snapshots mentioned above. These snapshots may be copied into their respective devices and/or locations.

[0236] Application Configuration

[0237] Another embodiment supports an ability to run two or more different programs at the same time on one computing system where the data and applications may be isolated from one another but may share output and/or input devices. In one embodiment, the applications may be isolated by executing the applications in separate address spaces. The applications and data may be further isolated by utilizing two separate data storage devices. In order to safely send a command from one isolated data storage device to the other isolated data storage device, the following may be utilized. In one embodiment, when an icon on the desktop is clicked, the following may occur. The icon may execute a command that would launch a specific application on the other isolated data storage device. This may be accomplished by a shared ASIC that sends the command to the other isolated data storage device. Because this shared path is the one crossing between the isolated sides, what crosses it should be limited to an identifier of an allowed application rather than an arbitrary command string; otherwise the exposed side could use the path to run code of its choosing on the isolated side.

[0238] Another embodiment involves isolation of data with merged display. In this embodiment two user environments can be separated for the purpose of isolating data. For the AntiHacker System: A hard drive that does not contain “sensitive” data could be isolated and attached to a network. A second hard drive, which may or may not be attached to the first hard drive (in any way), could be utilized for “sensitive” user data but have no exposure to the network because it is “isolated” by a means of switching. The video signals associated with the data coming from these two hard drives could then be “merged” onto the same screen. In other words, all of the computing would be happening within isolated “secure zones” within a single computer but would not appear so to the user. Another example: the anti-virus system could use this method to isolate potentially infectious data.

[0239] Application Output

[0240] Applications may have their output displayed on the same screen alongside and/or superimposed upon the output of other applications and data that are being “computed” separately. The computing processes may be separated but may then be “merged” together on the screen, and/or overlaid on one another on the same screen. In one embodiment, this may be achieved by using multiple video cards. This concept can be applied, for example, to the Repair System, Multi User, Anti-Hacker, Anti-Theft and Anti-Virus systems.

[0241] In another embodiment both the user computing environment and the supporting environment will reside on a single computer system. A snap-shot of the operational user environment will be taken. The snap-shot will be associated with the supporting environment. Processes associated with the supporting environment will monitor the activities and status of the user computing environment. The monitoring function will become aware of any degraded performance of the user computing environment, such as a system freeze-up. The monitoring function notifies the supporting environment of any degraded performance. The supporting environment will perform any recovery action necessary to recover or restore the user environment. Recovery may include utilizing the snap-shot to recover or restore the user environment. An entire user disk may be restored. A specific application or software package may be restored, or particular files.

[0242] Embodiments of External Repair of a Computer

[0243] The invention may back up or recover a computing device. The computing device may include a user computing environment and a supporting environment which stabilizes the functionality of the user computing environment. The invention may include one or more external devices or removable media.

[0244] Master Template

[0245] A master template may be a copy of data that represents an ideal state of a computer system or component of a computer system. The master template may be created by copying data from an operational computer system or component of a computer system. The computer system may be in an ideal state before creating a master template. An ideal state of a computer system may be represented by data that is accessible to the computer system. Data, within this context, may include an operating system (e.g., Linux, Unix, Windows 98), applications (e.g., WordPerfect, Microsoft Office), user data (e.g., operating system preferences, background images, created documents), and component data (e.g., BIOS, PRAM, EPROM). Data may also include any information accessible to the computer system, including local and remote data storage devices.

[0246] As an example, the master template for one computer system may include all of the information installed on that computer system, such as the Windows 98 operating system, the WordPerfect application, and documents created by the user. The information may be installed across multiple hard drives accessible to the computer system. Additionally, the master template may include a copy or an ideal-state version of the BIOS settings.

[0247] A master template may represent a snapshot of a newly purchased computer system. The system is typically in an ideal state with an operating system and various applications pre-installed, thereby allowing a user to begin utilizing the computer system. For a particular user, the master template may represent an ideal state of a computer system, including, for example, an operating system, applications, and user customizations. A user customization may include the user's prior selection of a picture or “.jpg” image for a desktop background, such as a picture of the user's pet.

[0248] Optionally, the master template may be created from a first computer system and subsequently may be used as a master template for a different computer system. An ideal state of the first computer is thereby transferred to a second computer system or any number of computer systems.

[0249] Backups

[0250] A backup is a copy of data that represents information on a computer system or component of a computer system. The backup may be created by copying data from an operational computer system or component of a computer system. A backup of a computer system may include data that is accessible to the computer system. Data, within this context, may include an operating system (e.g., Linux, Unix, Windows 98), applications (e.g., WordPerfect, Microsoft Office), user data (e.g., operating system preferences, background images, created documents), and component data (e.g., BIOS, PRAM, EPROM). Data may also include any information accessible to the computer system, including local and remote data storage devices.

[0251] As an example, a backup for one computer system may include all of the information installed on that computer system, such as the Windows 98 operating system, the WordPerfect application, and documents created by the user. The information may be installed across multiple hard drives accessible to the computer system. Additionally, the backup may include a copy or an ideal-state version of the BIOS settings.

[0252] An archive is a backup which typically may not be erased.

[0253] Data Storage Device

[0254] A data storage device includes memory devices which are accessible to a computer system. A computer system is capable of accessing or storing data in a variety of memory devices. Memory devices may include hard drives, RAM, ROM, EPROM, or BIOS. Memory devices store data (e.g., data or programs). User data is typically stored on disk drives, but may potentially be stored on any memory device. Typically, a computer system utilizes a variety of memory devices. For example, an operating system, applications and user data may be stored on a hard drive, a BIOS program may be stored in ROM, and BIOS data may be stored in a protected memory.

[0255] Data Storage Device—DSD

[0256] A “DSD” refers to a “data storage device.”

[0257] Exemplary Methods of External Attachment

[0258] A Data Storage Device (DSD) may be an external device. A variety of protocols currently exist for utilizing external devices. Some of the more prevalent protocols include TCP/IP, USB, USB 2, Firewire, IEEE 1394, PS/2, parallel, serial, PCMCIA, and SCSI. Other protocols and methods of connecting external devices to a computer system will be apparent to one skilled in the art. As an example, a SCSI hard disk and a SCSI CDROM are memory devices that may be attached to a computer system. The computer system may then read from or write to the external device.

[0259] Exemplary Repair Process

[0260] An automated process may repair a data storage device of a computer system. The repair process may include multiple programs. The automated process may be triggered by a particular event or a set of events. The repair process may be specific to a particular data storage device such as the primary boot partition of a hard drive. The repair process may encompass a variety of functions which may be modified, added, or skipped based on the type of repair or user preferences. The user may modify user preferences.

[0261] In one embodiment, the repair process represents a sequence of functions. Typically a Master Template is either provided to the user or created by the user. Backups are created intermittently. The computer system becomes unstable and repair becomes necessary. The user may activate the repair process, or the repair process may recognize the instability or problems with the system and activate itself.

[0262] Prior to repair, a Master Template typically exists for the computer system. The Master Template may have been created in a number of different ways. Several ways of creating one or more Master Templates for this computer system include: shipped with a new computer, created with the installation of software (e.g., software to support this process), created by a user-activated program, or created periodically by a program.

[0263] Backups typically exist for a computer system. A backup may include user data and programs which have been stored on a data storage device accessible to the computer system. For example, documents may have been created or modified by a user. These documents may be stored as a backup. The user may have installed additional programs that may be stored in a backup.

[0264] During a backup process, data is copied from a data storage device of the computer system to the backup data storage device(s). Any data that is accessible to the computer system may be backed up. The backup may be compressed. Compression may reduce the amount of storage space required to hold the backup. Incremental backups may also be used. Incremental backups may reduce the time required to perform a backup and reduce the storage space required to store them. Backups may be stored as archives.
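As an added example of the backup process of [0263] and [0264] (written for this page, not the patent's code), the following Python performs compressed incremental backups: each run writes only the files whose content changed since the recorded manifest into a gzip tarball, records deletions separately, updates the manifest, and makes the finished tarball read-only so that it behaves as an archive in the sense of [0252]. `restore()` replays the whole sequence to rebuild the latest state. The file naming, the JSON manifest and the `demo()` fixture are assumptions made for the example.

```python
"""Incremental, compressed backups that replay into a full restore.
Added example for this page (not the patent's code).  A manifest of content
hashes decides what changed; every backup after the first carries only the
changed files plus a list of deletions.  File names and formats are assumptions."""
from __future__ import annotations

import hashlib
import json
import os
import stat
import tarfile
import tempfile
from pathlib import Path


def scan(root: Path) -> dict[str, str]:
    """Relative path -> SHA-256 of content for every regular file under root."""
    return {p.relative_to(root).as_posix(): hashlib.sha256(p.read_bytes()).hexdigest()
            for p in sorted(root.rglob("*")) if p.is_file()}


def incremental_backup(src_root: Path, backup_dir: Path) -> dict:
    """Write backup-NNNN.tar.gz holding only files changed since the stored manifest."""
    backup_dir.mkdir(parents=True, exist_ok=True)
    manifest_path = backup_dir / "manifest.json"
    previous = json.loads(manifest_path.read_text()) if manifest_path.exists() else {}
    current = scan(src_root)
    changed = sorted(r for r, digest in current.items() if previous.get(r) != digest)
    deleted = sorted(r for r in previous if r not in current)
    seq = len(list(backup_dir.glob("backup-*.tar.gz"))) + 1
    archive = backup_dir / f"backup-{seq:04d}.tar.gz"
    with tarfile.open(archive, "w:gz") as tar:                # compression reduces storage
        for rel in changed:
            tar.add(str(src_root / rel), arcname=rel)
    (backup_dir / f"backup-{seq:04d}.deleted.json").write_text(json.dumps(deleted))
    manifest_path.write_text(json.dumps(current, indent=1))
    archive.chmod(stat.S_IRUSR | stat.S_IRGRP | stat.S_IROTH)  # an archive: a backup not to be erased
    return {"archive": archive.name, "changed": changed, "deleted": deleted}


def restore(backup_dir: Path, dest: Path) -> None:
    """Replay every backup in order, applying its deletions, to rebuild the latest state."""
    dest.mkdir(parents=True, exist_ok=True)
    extract_kw = {"filter": "data"} if hasattr(tarfile, "data_filter") else {}  # safe extraction where available
    for archive in sorted(backup_dir.glob("backup-*.tar.gz")):
        with tarfile.open(archive, "r:gz") as tar:
            tar.extractall(dest, **extract_kw)
        deleted_file = backup_dir / archive.name.replace(".tar.gz", ".deleted.json")
        for rel in json.loads(deleted_file.read_text()):
            (dest / rel).unlink(missing_ok=True)


def demo() -> dict:
    """Constructed fixture: two backup runs around some edits, then a restore."""
    base = Path(tempfile.mkdtemp())
    src, backups, dest = base / "user_dsd", base / "backups", base / "restored"
    src.mkdir()
    (src / "a.txt").write_text("version 1")
    (src / "b.txt").write_text("to be deleted")
    first = incremental_backup(src, backups)
    (src / "a.txt").write_text("version 2")
    (src / "b.txt").unlink()
    (src / "c.txt").write_text("new file")
    second = incremental_backup(src, backups)
    restore(backups, dest)
    mode = stat.S_IMODE(os.stat(backups / first["archive"]).st_mode)
    return {"first": first, "second": second,
            "restored_matches_source": scan(dest) == scan(src),
            "archive_read_only": not (mode & stat.S_IWUSR)}
```

The first run is a full backup because the manifest is empty; the second carries only the changed and new files plus the deletion list, and replaying both reproduces the source exactly. The `data` extraction filter (available on recent Python releases) refuses members with absolute paths or `..` components, which matters when the backup media can be written by the side being backed up.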

[0265] The Repair Process is activated (and optionally may be confirmed).

[0266] The repair process may include a number of functions. The repair process may be initiated by a user, administrator, repair software, or repair hardware. The user may specifically initiate the process (e.g., by double clicking on an icon of a graphical operating system). An administrator may initiate the process by communicating with the computer system over an internet connection such as TCP/IP. Repair software may initiate the process by utilizing a boot diskette or a separate boot partition on the hard drive. Repair hardware may initiate the process by sensing a frozen state of the operating system or hard disk, and subsequently initiating the repair process. Alternatively, the user may press a hardware switch which initiates a process to shut down the machine and switch boot disks, and the subsequent startup may initiate the continuation of the repair process. Where the repair can be triggered remotely, the trigger itself must be authenticated: a repair that reformats a data storage device is destructive, and an unauthenticated network trigger would let any peer on the network invoke it.

[0267] The repair process may be configured to allow the user to confirm the repair process in a number of scenarios. For example, before a DSD is reformatted the user may be requested to confirm the operation. The user may be allowed to halt the repair process.

[0268] The repair process may utilize a Master Template, Backup, Archive, various commands associated with an operating system, switching, and other programs for repairing a computer system. For example, the repair process may format and partition a hard disk using an MS-DOS command, then copy a Master Template to the primary boot partition of the hard drive, then copy the latest Backup or Archive, then mark the primary boot partition as the active partition.

[0269] Any number of backups or archives may be used to restore the user DSD(s).

[0270] Commands associated with an operating system may be used to reset or update a DSD of the computer system. A DSD (e.g., PRAM, BIOS, or CMOS) may be updated through the use of commands associated with an operating system. Typically, MS-DOS commands may be used to download, save, reset, reset to the default, or update a BIOS version. For example, one step in the repair process may include booting into an MS-DOS partition, executing MS-DOS commands to update the BIOS of the computer system, then changing the boot device and rebooting the computer system to continue the repair process if necessary. Alternatively, the DSD (e.g., BIOS) may be set to a previously saved state. The previously saved state may be included as part of the Master Template, Backup, or an Archive.

[0271] The repair process may also be capable of managing DSDs. Managing DSDs may include testing, reformatting, analyzing, resetting, or determining bad blocks. Alternatively, the repair process may interact with other programs to provide management functionality for all or some DSDs. For example, the repair process may rely on operating system commands to format one DSD (e.g., a hard drive), but interact with a separate program to manage another DSD (e.g., BIOS, PRAM).

[0272] The repair process may evaluate the present state of the computer system. As part of the analysis the repair process may determine or recommend a type of repair. For example, if the DSD (e.g., hard disk) is not responding then reformatting may be recommended. If only several files appear to be corrupted then the repair process may determine that only those files need to be copied from a Master Template or a backup. Some or all of the data from a master template may be copied onto the DSD(s). Alternatively, the repair process may copy the entire master template to the DSD(s).

[0273] The repair process may perform a similar evaluation regarding how much of a backup needs to be copied. Some or all of the data from a backup may be copied onto the DSD(s). Alternatively, the repair process may copy the entire backup to the DSD(s).

[0274] Rebooting the computer system may be integrated into the repair process. Switching between boot devices may be integrated into the repair process. The repair process may switch the boot disk from hard disk 1 to hard disk 2. Power may be cycled such that hard disk 2 boots up as the active partition. A default program may be executed as part of the boot sequence to perform part of the repair process. Subsequently, the repair process may alter hard disk 1, switch hard disk 1 to the active partition, and then reboot or cycle the power to initiate the booting of hard disk 1.

[0275] Some Exemplary External Device Embodiments

[0276] The repair process may be initiated or managed by an externally located device that may be communicatively coupled to the computing device through, e.g., USB, Firewire, parallel, serial, PS/2, PCMCIA, or infrared. The external device may be the boot device.

[0277] An external boot device may be connected to the computer system, with the boot device activating the repair process. The repair program may reside on the boot device or on a second data storage device. The second data storage device may also be communicatively coupled to the computer system. The second data storage device may contain master templates, backups, or archives. The second data storage device may also contain the repair program or other programs which facilitate the repair process.

[0278] For example, an internal SCSI device “id 0” may be the default boot device. The repair process may switch the power to the internal SCSI device “id 0” OFF. The repair process may then switch the power to an external SCSI device “id 0” ON; the order matters, since two powered devices must never share an id on the bus. The repair process reboots the computer system by actuating a reset command (e.g., via a mechanical device or a logic circuit). When the computer system reboots, the external SCSI device may be the boot device. The repair process may then continue as directed by the part of the repair process on the external SCSI hard drive.

[0279] The repair process may include switching the device ids of a primary and secondary SCSI disk. In this second example, the internal SCSI drive may be “id 0” and the external SCSI drive may be “id 5”. The repair process may change the internal SCSI device to “id 5” and the external SCSI device to “id 0”. Switching of the SCSI device ids may be performed by the repair process (e.g., by a mechanical device or a logic circuit activated by the repair process).

[0280] In another embodiment, the BIOS may be modified to enable booting from an external device. The boot device may also be switched by updating the BIOS. Typically the BIOS defines the boot sequence. If the first boot device is not found, then an alternate boot device may be defined in the BIOS (e.g., the boot-device sequence is CDROM, A:, C:). The BIOS may be downloaded, modified, and restored. The BIOS may be updated (e.g., in place, or via download, modification and upload) to change the boot identifier of a USB device, an IDE device, or other devices. The repair process may download a copy of the BIOS in a variety of ways. One example includes booting into an MS-DOS mode and executing a program to save the current BIOS to a file. The BIOS file may be saved into a master template, backup or archive. Alternatively, the BIOS file may be modified by the repair process to change the boot sequence. If the BIOS file is updated then it must be loaded into the computer system to take effect. Effectively the boot sequence may be changed to another DSD, such as a second hard drive. The external SCSI disk with a specific “id” may become the “boot device”. Another option involves storing multiple copies of the BIOS file, each having a different boot sequence; uploading the appropriate BIOS file may allow booting from a particular boot device (e.g., IDE hard drive partition 1, SCSI device “id 0”, USB disk, Jaz drive, etc.). An external device may be the boot device and start or continue the repair process. Because a BIOS image written back from a template, backup or archive replaces the firmware that controls booting, the repair process should verify that the stored image is the one it saved (for example by comparing it against a checksum recorded at save time) before loading it.

[0281] In another embodiment, a secondary boot device may be attached as an external Data Storage Device to a computer system (e.g., connected to a parallel port). This secondary boot device may activate or manage the repair process. The secondary boot device may contain programs to conduct processes such as reformatting another data storage device (e.g., an internal or external hard drive), copying data from a Master Template, or copying data from a backup or archive.

[0282] A program on the secondary boot device, or accessible to the secondary boot device, may be activated to create a master template, backup, or archive of any data accessible by the computer system (e.g., the user's main drive).

[0283] A program on the secondary boot device, or accessible to the secondary boot device, may be activated to repair a data storage device on the computer system (e.g., the user's main drive that needs to be repaired). In this scenario, the Master Template, Backup, or Archive Data Storage Device(s) may be attached externally via USB, Firewire, etc. The program may actively search for Master Template, Backup, or Archive DSD(s) and present the user with a list of options for restoring the computer system. Alternatively, the repair process may determine and select the best restore options and continue the repair process.

[0284] In another embodiment the repair process may be initiated by insertion of a floppy, CD, DVD, or any other form of removable storage/memory or startup device, and rebooting the computer system. The removable storage/memory or startup device may boot if the BIOS boot sequence contains a boot order that enables removable media to act as the boot device. Booting from the removable media may trigger or activate an automated repair process (e.g., a program located on the removable media or an external device). Booting from the removable media may activate a mechanical device or program logic to initiate the repair process (e.g., switch hard disk device ids and initiate a reboot sequence to boot from another device to continue the repair process).

[0285] In another embodiment, a repair program or part of the repair process may be placed in a StorExecute, microcontroller, ASIC, etc. The repair program may activate a repair process. The repair program may include managing the repair process. Functions which may be performed include reformatting data storage device(s), switching between boot devices, switching electrical components within the computer system or external components, copying data to/from data storage device(s) (e.g., copying master templates, backups, etc., or any portion thereof, to another data storage device), and other repair functions. The repair process may also be located, integrated, or embedded in an external device. A switch trigger that activates the repair process may also be located, integrated, or embedded in an external device.

[0286] In one embodiment, the startup device may be selected by a StorExecute. Alternatively, a device identity may be assigned by a StorExecute. The necessity to perform switching through the use of jumpers is thereby reduced. For example, if a repair process is triggered, a StorExecute may assign device identities to data storage devices, or may decide which data storage device shall be used for the repair process and which data storage device shall be used as the boot data storage device if rebooting is utilized in the repair process.

[0287] In one embodiment, during “on-the-fly” repairs, an external data storage device may be utilized for such things as the Master Template or backups, or for software used for the repair process.

[0288] In this embodiment, an external data storage device (“DSD”) is attached to a typical personal computer that contains an internal data storage device. The internal DSD may be referred to as the “main user” data storage device. An external DSD may be attached via any available external connection.

[0289] Example of an external data storage device (“DSD”) for repairing a computer:

[0290] In this example, a user attaches an external data storage device (“DSD”) to a computer with any available external connection (e.g., Firewire, USB, SCSI, etc.). An external connection may include USB, USB 2, Firewire, IEEE 1394, PS/2, parallel, serial, PCMCIA, SCSI, and other protocols and methods of communicating with an external device.

[0291] The user installs software on “main user” DSD that initiates aprogram to create a master template, and schedules Backups to executeevery Friday morning. The master template is created by the program andstored on the external data storage device. Every Friday morning therepair process runs and stores a backup of additional information to theexternal data storage device.

[0292] A micro-controller and EPROM may be attached to the computer toperform part of the repair process. Attachment may be via any availableexternal connection. The micro-controller and EPROM may be integratedinto the external data storage device.

[0293] A switch trigger may be attached to the computer. Attachment maybe via any available external connection. The switch trigger may beintegrated into the external data storage device.

[0294] As another example, the main user data storage device isaccidentally erased or damaged and that the computer system will notboot. The user decides to repair computer and initiates the repairprocess by activating a switch trigger, which initiates the followingprocess:

[0295] The micro-controller may interrogate the BIOS of the computersystem to determine its current boot up sequence. EPROM may storeinstructions for how to accomplish this.

[0296] The micro-controller may determine that it is necessary to alterthe boot sequence so that the externally attached data storage devicewill become the boot device. The micro-controller and associated EPROMmay flash the BIOS in order to accomplish this. The micro-controller maythen send a command to computer to reboot the computer. When thecomputer reboots, it will reboot from the external data storage device.

[0297] Following the boot up, programs which are located on the externaldata storage device may execute the repair process as defined herein.

[0298] Additional embodiments and aspects of the invention are nowdescribed.

[0299] Embodiment of Apparatus and Method for Backup of a Computer

[0300] The invention may backup, maintain backups, or recover data associated with a computing system. The computing system may include any number of components including hardware and software, and any memory accessible to the computing system. The computing system may focus on a user computing system and potentially the supporting environment which stabilizes the functionality of the user computing system (e.g., operating system, BIOS, etc.). Typically, data associated with the computing system is identified by a variety of characteristics, the data is stored as a backup, and subsequently data within the backup may be restored or used to evaluate an existing computing system.

[0301] Backups

[0302] Data has a number of characteristics, typically including availability for use in a computing system. Data may include one or more of any of the following: operating systems, applications, user data, data residing in the computing system (e.g., hard disk, hard disk partition, RAM, ROM, BIOS, CMOS, EPROM, electronic serial numbers, etc.), applications residing in the computing system (e.g., the sample listed above), and backups created or accessible. The term data may be used to describe a specific aspect of information for association with a backup process. A backup process may include identifying data and the characteristics of data, for backup, management, or restoration. Data may also refer to a backup or set of backups. By default the data to backup may represent all data on a given disk drive, a given disk partition, or a memory.

[0303] Characteristics of the data may include an indication of what data is part of the backup, how to access the data, where to backup the data, frequency of the backup, and type of backup. These characteristics may be used to define or identify specific data associated with a backup process. Specific implementations may vary according to what characteristics are associated with the backup process.

[0304] What data to include is limited by the accessibility of the data to the computing system. Specific data for inclusion in a backup may be predetermined or determined as part of the backup process. Predetermined identification of data to include in a given backup may be provided by a hardware or software manufacturer, or a user (e.g., system administrator). A predetermined set of data may provide an initial indication of what data to backup. An operating system may, for example, include a list of files and/or directories associated with operating system functionality. Here the operating system may provide a predetermined list of files or associated data representing the operating system or identifying specific data to backup (e.g., list of users, user preferences, passwords, windows registry file).

[0305] A hardware system may, for example, include a memory address range (e.g., RAM, ROM, EPROM, BIOS, etc.) that represents data that may be useful to backup for that system. The hardware system may also identify other data within the computing system that may be useful in the backup process (e.g., applications to extract or update a BIOS). Typically, the data identified is useful in the backup process, such as understanding the operation of the computing system or restoring data in the event of a failure or corrupted data. Data identified for backup may also have a variety of uses including cleaning up the computing system which may have limited disk space (e.g., verify the necessity of data in a current computing system) and restoring identified data.

[0306] Alternatively, what data to include in a given backup may be determined subsequent to the delivery of a computing system to a user. Data may be determined with installation of hardware or software, or during the normal course of utilizing the computing system. A determination may be made with the installation of hardware or software. The installation process may be actively engaged in identifying what data would be useful to the backup process. The installation process may interact with the backup process or tools to identify program files and data specific to a given installation. The location of user files may also be helpful to the backup process. The contents of a user directory may be marked by the backup process for inclusion in a periodic backup. Accessing data by an application may also be integrated into the backup process. One example includes added functionality, such that saving data (e.g., a file) by the application includes an indication to the backup process to backup that specific data. The installed application may add the saved user file to a list of files that should be included in a subsequent backup. If multiple users access the same computing system, the file to be included in a backup may include an ownership indication.

[0307] Data to include may be identified according to directories or specific files. For example, data to include may be identified by file type, file location, directory tree, or memory device. A selective backup may backup only data associated with a specific system component such as a disk drive or data storage device.

[0308] How to access the data may be an important characteristic of the backup. Careful consideration may be required for accessing, storing, formatting, modifying, restoring, and updating data of the various components associated with a computing system. Not all data is readily accessible according to the well known process of accessing a hard drive. As described above, data may include any data accessible to the computing system. Typically, a piece of data is uniquely accessible according to a predefined process. The process for accessing information from a disk drive is readily appreciated by novice users.

[0309] For example, accessing BIOS data for backup may involve booting into a particular operating system (e.g., DOS 5.x), running a hardware-specific program which may verify the hardware compatibility, and executing a second hardware-specific program which may copy the data (e.g., BIOS data) to a floppy disk. Updating the BIOS in the example may involve running another program to flash the BIOS. Both the old and new versions of the BIOS, and associated applications, can be stored as data in a backup. Consequently, a restoration of the old BIOS can be incorporated into the backup process. Similarly, other data accessible to the computing system may be incorporated into the backup process by analyzing the existing processes for managing data for specific components within the computing system.

[0310] Where a backup is stored may be predetermined or determined as part of the backup process. A manufacturer of the hardware or software may provide an initial predetermined backup storage area or an indication of another device where the backup is to be stored. An operating system may access a second data storage device such as a disk drive, a second partition, or a pre-allocated file (e.g., similar to a swap file). Backup data may be stored to this initial location. A hardware system may, for example, include a second memory or an address range of a memory (e.g., RAM, ROM, EPROM, BIOS, etc.) that represents the default backup location. Optionally, the backup location may be another storage device within the computing system or accessible to the computing system (e.g., across an Ethernet, firewire, USB, etc.).

[0311] Frequency of the backup can be based on any of a number of factors associated with the data and computing system including: volatility of data, volatility of the computing system, importance, upgrade schedule, user projects, personal comfort level, past experience with similar environments, degree of user participation, etc. Backups can be scheduled at particular times and intervals based on these factors. Backups may be initiated by the hardware, software, or a user. Similarly, other activities in the backup process, such as maintenance and restoration, may be performed based on a given frequency.

[0312] Exemplary Types of Backup

[0313] A variety of backup types may be supported. The types may include at least one of the following: full backup, selective backup, partial backup, master template, data modified since a prior backup, or based in part on a comparison with a prior backup (e.g., a prior backup, or a listing of the contents of a prior backup). The type of backup may be defined for all data included in the backup, or part of the data associated with the backup process. For example, a backup may include an operating system wherein only files associated with the operating system and files modified since a prior backup are included in a specific backup. The specific backup may further include a user data directory identified for backup.

[0314] Exemplary Data Represented in a Backup

[0315] Data represented in a backup may be identified by the various characteristics described above. Typically, data represented in a backup supports a backup process, such as a possible restoration of the data for use in a computing system. The backup or the various data contained in the backup may be compressed or encrypted. Specific data in the backup may be an exact duplicate or enough information that the data may be recreated, corrected, or verified. For example, file differences may be included in a backup, thereby allowing a set of backups to be utilized to recreate or correct a file or data. How to access the data may also be represented in a backup for certain types of data (e.g., BIOS) and not represented in a backup for other types of data (e.g., “c:\my docs\*.docs”).

[0316] Data to be included in a given backup may be identified by hardware, software, user, or other characteristic of the computing system. A computer manufacturer may create an initial backup of a standard installation, which may include various forms of data associated with a computing system. The manufacturer sells the computing system to a user and may provide a master template as a backup that represents the manufacturer's initial computing system configuration. This saves the manufacturer time and money, and gives the user peace of mind. Subsequently the user may install additional software and thereafter create a partial backup of the changes to the computing system. A comparison may be performed between the master template and data associated with the current computing system. Differences between the two can be identified as the data for backup. Here, data that has been changed, added, or deleted, in comparison to data associated with a master template may be identified for backup. Consequently, the master template and a subsequent backup may be used, according to this example, to restore the computing system to the level of functionality associated with the subsequent backups. A variety of scenarios will be apparent to one skilled in the art.
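The comparison in [0316], as an added example that is not part of the patent: the master template and the current system are modelled as in-memory path-to-content mappings (constructed sample data), the partial backup holds only what changed, was added or was deleted relative to the template, and a restore rebuilds the system from template plus backup, refusing a backup taken against a different template.

```python
"""Comparative backup against a master template (added example, not the
patent's code). The template, the current system and the backup are
modelled as in-memory path -> bytes mappings with constructed sample data.
"""
import hashlib
from typing import Dict, List

FileSet = Dict[str, bytes]
Manifest = Dict[str, str]


def file_hash(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def manifest(files: FileSet) -> Manifest:
    """A 'listing of the contents' of a backup: path -> content hash."""
    return {path: file_hash(data) for path, data in files.items()}


def partial_backup(template: FileSet, current: FileSet) -> dict:
    """Identify data changed, added or deleted relative to the master template
    and store only that, plus the template listing it was compared against."""
    template_listing = manifest(template)
    changed: FileSet = {}
    added: FileSet = {}
    for path, data in current.items():
        if path not in template_listing:
            added[path] = data
        elif template_listing[path] != file_hash(data):
            changed[path] = data
    deleted: List[str] = sorted(set(template_listing) - set(current))
    return {
        "changed": changed,
        "added": added,
        "deleted": deleted,
        "template_listing": template_listing,
    }


def restore(template: FileSet, backup: dict) -> FileSet:
    """Rebuild the system from the master template plus the partial backup.
    A backup taken against a different template is refused, since applying
    it would silently produce a state that never existed."""
    if manifest(template) != backup["template_listing"]:
        raise ValueError("backup was not taken against this master template")
    result: FileSet = dict(template)
    result.update(backup["changed"])
    result.update(backup["added"])
    for path in backup["deleted"]:
        result.pop(path, None)
    return result


# Constructed sample data: the manufacturer's template and the same machine
# after the user edited a system file, installed a mail client, wrote a
# document and removed a bundled trial program.
MASTER_TEMPLATE: FileSet = {
    "c:/windows/system.ini": b"[boot]\nshell=explorer.exe\n",
    "c:/program files/office/office.exe": b"OFFICE-V1",
    "c:/program files/demo/readme.txt": b"trial software",
}
CURRENT_SYSTEM: FileSet = {
    "c:/windows/system.ini": b"[boot]\nshell=explorer.exe\ndrivers=mmsys\n",
    "c:/program files/office/office.exe": b"OFFICE-V1",
    "c:/program files/mail/mail.exe": b"MAIL-V3",
    "c:/my docs/letter.doc": b"Dear ...",
}

if __name__ == "__main__":
    backup = partial_backup(MASTER_TEMPLATE, CURRENT_SYSTEM)
    print("changed:", sorted(backup["changed"]))
    print("added:  ", sorted(backup["added"]))
    print("deleted:", backup["deleted"])
    print("restore matches current system:",
          restore(MASTER_TEMPLATE, backup) == CURRENT_SYSTEM)
```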

[0317] Exemplary Embodiment of Repair Process

[0318] Exemplary Restoring

[0319] Data represented in a backup is typically restored to a computing system. Restoration may include the selection of at least one of the following: a specific backup, a group of backups, specific data contained within a backup, and a master template. The restoration may initially determine the difference between the current computing system and a prior backup. Characteristics associated with the identified data may be used in the backup process (e.g., a restoration process associated with a BIOS which may have been included in a backup).

[0320] The selection of a master template, for example, may return the computing system to an idealized state as defined by the master template. A master template and other data may be identified to restore the computing system to a state associated with the last backup in combination with the identified master template (e.g., the master template represents the state as purchased, and the identified backup represents the state after a user installed several applications). Alternatively, a master template may represent an upgrade to the computing system. This upgrade may be combined with other user backups to enhance the functionality of the computing system and maintain existing user data.

[0321] Selecting Data

[0322] Data associated with the backup may be identified similarly to the selection of data for inclusion in the backup, as described above. This information may also be utilized to determine what data or aspects of the data to restore (e.g., specific users' files).

[0323] Data matching a certain file type, file location, data storage device, device, component, description, date, wild card matching, etc. may be identified for restoration. The selection may be performed by the hardware, software, user, or any component in the computing system. In the event of an operating system failure it may be more appropriate to allow hardware or software to select data to restore.

[0324] The restoration location for data may be specified by a user, hardware, software, default, original location of the data, temporary location, an alternate location (e.g., for further analysis), or by any component of the computing system. For example, a user may elect to restore data with wild cards such as “*.doc” and “*.txt” from all backups. The “*.doc” files will be placed in a user-specified or default file location (e.g., “c:\documents folder\doc”), and “*.txt” files will be placed in a user specified file location (e.g., “c:\documents folder\txt”). Alternatively, the data (e.g., files in this example) may be restored to their original location which may be identified in the backup.

[0325] Preferences

[0326] Preferences may be associated with the backup process, and may include preferences of hardware, software, users or other components of a computing system. A preference may be defined as a set of default values associated with the computing system, hardware, software, or particular users. Configuration information and characteristics may be defined as preferences for each component of the computing system. A preference associated with a BIOS may include a process or program for accessing the BIOS in a specific manner, such as booting to DOS 5.x and executing a specific program to extract the BIOS. Preferences may be changed by hardware, software, or users.

[0327] The preferences can be used to define data characteristics (including backups), restore characteristics, and manage data. Preferences may limit the interaction required with users during the backup process (e.g., selecting data or restoring data). A new user may establish preferences to limit interaction with a backup process. A seasoned veteran may establish preferences to provide more robust control of the backup process or aspects of the backup process.

[0328] For example, the specific characteristics of how the backup process interacts with updating a BIOS may be of greater interest to an experienced user than to a novice. In another example, user preferences may dictate the interaction between the user and the restore. By default, the restoration process may provide the user with a push button restore, such that the computing system will control the entire restoration process. Alternatively, the user may modify the preference such that a user response is required before specific aspects of the backup process are performed (e.g., format hard drive, or flash the BIOS).

[0329] Software may also have preferences, which may identify data associated with the software, when installed, serial number, and possibly an indication of the best way to backup, manage, and restore the software. Preferably, preferences associated with hardware and software would minimize the interaction required by a user in the process.

[0330] Initiating Restoration

[0331] The hardware, software, or user may initiate and may manage the repair process. Data matching a restoration criteria may be restored. Criteria for restoration may be based on the data stored in the backup (e.g., frequency, master template, compression, encryption, etc.). Further criteria for restoration may be based in part on the type of backup or current status of the computing system (e.g., functional, hard disk failure, BIOS failure, OS non-responsive, etc.). The current status may be determined in part through the utilization of hardware and software to monitor the health of the computing system. For example, hardware or software can monitor the computing system for any indication of a keyboard “freeze”, and activate part of the backup process to return the computing system to a normal operating state. Utilization of hardware and software can be used to maintain the health of the computing system. Maintaining the health of a computing system may include determining backup process characteristics which may be based on user preferences. The frequency of backup may be a way to help ensure the computing system's health.

[0332] For example, an alternate boot sequence may be initially established in the BIOS such that the computing system initially attempts to boot from a primary disk drive and subsequently from a second drive. The second drive may contain software designed to boot the machine and evaluate the present condition of the computing system. Once the necessity of any repairs has been determined, the software may proceed to correct the malfunctions and return the computing system to a normal operating state. The software may then reboot the computing system to the normal operating state, thereby minimizing user involvement in the repair process.

[0333] Removing Data

[0334] During a restoration process, data may be removed, including: deleted, moved, renamed, or altered. The method of removal may be specified as part of the data characteristics. The restoration process may require the computing system to reflect the data contained in a backup, and therefore necessitate the removal of some data. For example, in restoring data representative of an operating system, a preference may provide that existing inconsistent files may represent the culprits behind a malfunction predicating the restore process. Removing this additional data (files in this example) may be warranted. Removing extraneous data may be performed in a number of ways based in part on the type of restoration, preferences, characteristics of the backup or data, and the goals of the backup process (e.g., minimal user involvement). For example, if the goal is to restore the master template, then as part of a comparative restoration all data determined to be different from the master template may be removed to a specified data storage device or memory such as a default folder.

[0335] Restore Specific Data

[0336] The hardware, software, or user of a computer system may request the restoration of data. To facilitate the restoration of specific data a user may perform a restore based in part on: file type, creation date, user identification, modification date, backup date, or any characteristics of the data. For example, a completed restore may include a default folder that contains all data from the last backup which differs from data currently available for access to the computing system, or some subset of all of the data (e.g., specified according to preferences). Alternatively, the folder may contain all data which differs when comparing two backups, such as the last backup and a master template. Data conforming to the user's request may be sorted into different directories to provide the user with an indication of the information contained therein, such as “This is probably your stuff 2/25/03”, “Is any of this your stuff? 2/25/03”, and “Probably not your stuff 2/25/03”.

[0337] Managing Restored Data

[0338] Preferences may also control what happens to restored data. Data restored may be available to the user or the computing system for a limited duration, to reduce the amount of memory utilized by the computing system. For example, a user-definable preference may indicate, through a dialog warning, that the folders named “Is any of this your stuff? 2/25/03” and “Probably not your stuff 2/25/03” will be automatically deleted in 10 days and that if the user desires data from those folders the data should be moved prior to the expiration date. Optionally, a preference may provide that after 10 days the contents of specific folders may be moved to a temporary “trash” folder with a new expiration date of 30 days.

[0339] Placement of Restored Data

[0340] Placement of data may be defined in part by the data characteristics stored with the backup or data, the characteristics associated with the backup process, and the preferences. Data, such as user data, may be returned to an original location, and other data may be placed in a different location. For example, user data located on the desktop may be returned to where it was, whereas user data located in the system folder may be returned to its original location depending in part on preferences. Alternatively, user data may be deposited in a default or indicated location such as a “documents” folder, a “Your Stuff is In Here” folder, a “proposed trash” folder, a “trash” folder, or other custom locations.

[0341] Master Templates

[0342] A master template is a backup of data, representing a computing system according to an ideal state. The ideal state typically includes an operating system and a collection of applications or software. The data included in the master template may have been specifically chosen for a particular user and for a particular hardware configuration.

[0343] A master template may be created or updated according to a variety of approaches. One approach involving a data storage device may include: 1. Creating several backups of data on a data storage device over time; 2. An activity associated with the backup process, such as a repair process, is triggered; 3. A backup of user data files is performed (e.g., to save the user's current work); 4. The existing data storage device (e.g., memory) may be reformatted or tested, which may be performed according to preferences for that data storage device; 5. The master template is copied to the user data storage device; 6. The backup of user data files is restored to the user data storage device.

[0344] The computing system is thereby restored to a normal operating state with minimal user intervention.

[0345] The master template may also be updated, changed, or modified in a variety of ways including: by the user, by access to an update (e.g., an incremental release by a computer manufacturer), or by access to a replacement master template, etc. The preferences associated with a master template may provide a method for performing these modifications.

[0346] The master template may be tested to ensure the master template and the repair process function as expected in the backup process, such as restoring the computing system. This testing helps ensure the functionality of the master template and the restore process, and may also be used as a virus check and repair. An on-line service may be provided to detect viruses, verify the integrity, or to update a master template.

[0347] Restoring

[0348] A backup may be tested to verify its integrity (e.g., with a checksum and by verifying readability). If the backup is tested and fails, the user may change the preferences. The user may restart the repair process, select different preferences (e.g., applications or software), upgrade the backup (e.g., master template), and retest the backup. If the backup passes the verification tests, the user may accept the backup and continue with the restore. When a backup (e.g., master template) is accepted it can be copied from its storage location to a second backup (e.g., the new master template). The old master template(s) can be saved so that it is possible to revert back to prior master templates. After the user template is “accepted”, the backup user data is returned to the user data storage device.
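The repair sequence of [0343] (steps 3 to 6) together with the integrity test, acceptance and revert of master templates in [0348], as an added example rather than the patent's own code. Disks and backups are in-memory path-to-content mappings with constructed sample data; the integrity test is a SHA-256 per-file manifest plus a checksum over that manifest, and the file types treated as user data are an assumed preference.

```python
"""Repair from a verified master template (added example, not the patent's
code). Disks and backups are modelled as path -> bytes mappings. A Backup
carries a per-file manifest of SHA-256 hashes and a checksum over that
manifest, so verify() stands in for the "checksum and readability" test.
"""
import hashlib
import json
from dataclasses import dataclass
from typing import Dict, List, Tuple

FileSet = Dict[str, bytes]


def manifest_checksum(manifest: Dict[str, str]) -> str:
    """Checksum over a canonical (sorted) listing of the backup contents."""
    canonical = json.dumps(manifest, sort_keys=True).encode()
    return hashlib.sha256(canonical).hexdigest()


@dataclass
class Backup:
    files: FileSet
    manifest: Dict[str, str]   # path -> SHA-256 of the file contents
    checksum: str              # SHA-256 over the manifest

    @classmethod
    def create(cls, files: FileSet) -> "Backup":
        manifest = {p: hashlib.sha256(d).hexdigest() for p, d in files.items()}
        return cls(dict(files), manifest, manifest_checksum(manifest))

    def verify(self) -> bool:
        """Integrity test: the manifest matches its checksum, every listed
        file is present (readable), and every file still matches its hash."""
        if manifest_checksum(self.manifest) != self.checksum:
            return False
        if set(self.files) != set(self.manifest):
            return False
        return all(hashlib.sha256(self.files[p]).hexdigest() == h
                   for p, h in self.manifest.items())


class RepairSystem:
    """Holds the master template history and runs the repair sequence."""

    def __init__(self, master_template: Backup,
                 user_doc_types: Tuple[str, ...] = (".doc", ".txt")):
        # Older templates are kept (newest last) so the user can revert.
        self.templates: List[Backup] = [master_template]
        self.user_doc_types = user_doc_types   # assumed user preference

    @property
    def master_template(self) -> Backup:
        return self.templates[-1]

    def accept_template(self, candidate: Backup) -> bool:
        """Only a backup that passes verification becomes the new master
        template; a failing one is rejected and the old one stays in place."""
        if not candidate.verify():
            return False
        self.templates.append(candidate)
        return True

    def revert_template(self) -> bool:
        """Go back to the previous master template, if there is one."""
        if len(self.templates) < 2:
            return False
        self.templates.pop()
        return True

    def backup_user_files(self, disk: FileSet) -> FileSet:
        """Step 3: save the user's current work, selected by file type."""
        return {p: d for p, d in disk.items()
                if p.lower().endswith(self.user_doc_types)}

    def repair(self, damaged_disk: FileSet) -> FileSet:
        """Steps 3 to 6; returns the contents of the repaired disk and
        refuses to run from a template that fails its integrity test."""
        template = self.master_template
        if not template.verify():
            raise RuntimeError("master template failed its integrity test")
        user_backup = self.backup_user_files(damaged_disk)   # step 3
        repaired: FileSet = {}                                # step 4: reformat
        repaired.update(template.files)                       # step 5
        repaired.update(user_backup)                          # step 6
        return repaired


# Constructed sample data: the manufacturer's template and a damaged user disk
# with a corrupted system file, an unknown executable and the user's document.
MASTER_TEMPLATE = Backup.create({
    "c:/windows/system.ini": b"[boot]\nshell=explorer.exe\n",
    "c:/program files/office/office.exe": b"OFFICE-V1",
})
DAMAGED_DISK: FileSet = {
    "c:/windows/system.ini": b"\x00\x00\xff garbage",
    "c:/windows/unknown.exe": b"NOT-FROM-TEMPLATE",
    "c:/my docs/letter.doc": b"Dear ...",
}

if __name__ == "__main__":
    system = RepairSystem(MASTER_TEMPLATE)
    print(sorted(system.repair(DAMAGED_DISK)))
```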

[0349] In one embodiment, a master template can be created by the user selecting to “boot into” a master template. The user may then make changes, install new software, make modifications, etc., and then exit. This approach allows the master template to be updated independently of the user's documents and other data which may not be beneficial to a master template.

[0350] In a different embodiment, the master template may be modified/updated by the user first conducting a repair of the computing system. The repair process may automate 1. the backup of user files according to preferences, potentially including particular file types (e.g., documents); 2. the reformat of the user's primary disk drive or the restoring of the master template to the user's primary disk drive. The user may then install new software onto what is essentially a copy of the master template as present on the user's primary disk drive. A backup may subsequently be activated to generate a new master template version. A backup of the user's data (e.g., user specific documents) may then be restored to the computing system. Preferably, restoring the user specific documents is performed automatically.

[0351] The master template may be created by a process of selective copying. For example, depending on the particular OS in use, a program may interrogate the registry, determine what entries are associated with a particular program or application, and then choose to selectively copy only those files and entries associated with the particular program or application to the master template.

[0352] Additional embodiments and aspects of the invention are now described.

[0353] An Exemplary Computer with Special-Purpose Subsystems

[0354] Switching Mechanisms

[0355] A variety of events may trigger a repair system to perform arepair process on a primary system(s) to be repaired. An event, such asswitch triggers, may include single step and multiple steps. Each stepmay include a logical or physical action initiated by the repair systemitself, user, external system, or the primary system to be repaired. Astep may include a logical or physical confirmation of the repairprocess. Individual steps may be automated by the repair system,switching process, or a primary system. An example of multiple stepsthat trigger the repair system may include 1) pressing a button, andthen 2) sliding a switch for confirmation of the repair process. Othersteps will be apparent to one skilled in the art and are therefore notdescribed herein.

[0356] The repair may include any process that attempts to place aprimary system into an idealized state or restored state. The repairsystem may include various apparatuses and methods previously described,including the switch process. As an example, the repair system may betriggered by voice recognition or voice identification associated withan individual step or multiple steps of a triggering event. In oneembodiment, pressing a physical button triggers the repair process.

[0357] In another embodiment, the repair system may include a processorand logic that is independent from the primary system. Events maytrigger the repair system independently of the primary system. Therepair system may be triggered by a variety of events independently ofthe primary system to be repaired. Here, the repair system would becapable of receiving or recognizing the triggering event.

[0358] For example, the primary system may be nonoperational while therepair system remains operational with the capability of recognizingevents that trigger a repair process, such as a user request to repairthe primary system. The repair system may perform the repair process ormay trigger another system or application to perform the part or all ofthe repair process. Other applications may include such programs as:Virus Scan, Virex, Arcserve, Assimilator, Deep Freeze, Ever Dream,Filewave, Ghost, Goback, HddSheriff, PCRdist, Retrospect, RevRdist,Rewind, Hard disk toolkit, Anubus, Drivesetup, and Charis Mac.

[0359] A repair system may include a physical switch used as a step of atriggering event for a repair process supported by other applications.Alternatively, the triggering event may activate a repair process thatis performed by other applications. For example, steps associated with abutton, voice command, personal identification card, retinal scan, orpush button with a confirmation by a slide button, key switch, ordiagnostic process, could be used to activate a repair process by otherapplications.

[0360] In another embodiment, when a primary system, such as a computer, is started, an application associated with the repair system may be triggered to perform diagnostics on the computer. The application may determine whether the computer attempts to start at all; if it does not, the repair system may modify the boot sequence so that the computer boots from a different device, and may also initiate a reboot of the primary system. If the computer does start, the repair system may analyze or record the boot sequence. If the boot sequence fails, the repair system may automatically reboot the primary system from a different data storage device and may also initiate the repair of the primary system. The repair system may also manage an "on the fly" repair process, as defined previously.
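As an added example of the boot-supervision logic just described, not code from the patent: a small supervisor that an independent repair system could run on its own clock. It assumes the primary reports the start of each boot and the moment its operating system becomes operational, that the repair system can re-order the primary's boot devices, and that a hypothetical on_failover callback starts the repair of the device that failed.

```python
"""Boot supervisor for an independent repair system.

Added illustration, not code from the patent. Assumptions: the repair system
has its own processor and clock, it is told when the primary begins booting
(power_on) and when the primary's OS reports itself operational
(mark_operational), and it can reorder the primary's boot devices and start
a repair through the on_failover hook (a hypothetical callback).
"""
from dataclasses import dataclass, field
from typing import Callable, List, Optional


@dataclass
class BootRecord:
    device: str
    started_at: float
    completed_at: Optional[float] = None
    timed_out: bool = False


@dataclass
class BootSupervisor:
    boot_devices: List[str]            # ordered candidates, e.g. ["disk0", "disk1"]
    boot_deadline: float               # seconds allowed from power-on to "operational"
    retries_per_device: int = 0        # extra power cycles on one device before failing over
    on_failover: Callable[[str, str], None] = lambda failed, new: None
    history: List[BootRecord] = field(default_factory=list)
    armed_at: Optional[float] = None   # when the primary was expected to start booting
    current: int = 0
    failed_attempts: int = 0

    @property
    def active_device(self) -> str:
        return self.boot_devices[self.current]

    def arm(self, now: float) -> None:
        """The repair system expects the primary to begin booting now."""
        self.armed_at = now

    def power_on(self, now: float) -> str:
        """The primary has begun booting from the active device."""
        self.armed_at = None
        self.history.append(BootRecord(self.active_device, now))
        return self.active_device

    def mark_operational(self, now: float) -> None:
        """The primary reached an operational state; reset the failure count."""
        self.history[-1].completed_at = now
        self.failed_attempts = 0

    def check(self, now: float) -> Optional[str]:
        """Polled on the repair system's own clock. Returns the device switched
        to when a failover happens, otherwise None."""
        last = self.history[-1] if self.history else None
        if last is not None and last.completed_at is None and not last.timed_out:
            if now - last.started_at < self.boot_deadline:
                return None                      # still inside the boot window
            last.timed_out = True                # this boot attempt failed
            self.failed_attempts += 1
            if self.failed_attempts <= self.retries_per_device:
                return None                      # another power cycle on this device is allowed
            return self._fail_over(now)
        if self.armed_at is not None and now - self.armed_at >= self.boot_deadline:
            return self._fail_over(now)          # the primary never attempted to start
        return None

    def _fail_over(self, now: float) -> str:
        failed = self.active_device
        self.current = (self.current + 1) % len(self.boot_devices)
        self.failed_attempts = 0
        self.armed_at = now                      # the new device must start within the deadline too
        self.on_failover(failed, self.active_device)
        return self.active_device
```

Two failure modes from the paragraph are covered: a boot that starts but never reaches the operational marker times out and, after any permitted retries on the same device, fails over; a primary that never attempts to start after the supervisor armed it fails over as well. The callback receives both the failed and the new device so the repair of the first can begin while the system runs from the second.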

[0361] In one embodiment the push of a button (or another trigger event) causes the repair system to perform a diagnostic process and, based on the diagnostic results, the appropriate repairs. Physically pressing the button may be the only step of the triggering event. The repair process may include interacting with the user to decide how to proceed; for example, the user may be prompted with a question such as, "Your computer will soon need a repair that could take 60 minutes to perform; alternatively, a temporary repair may take 5 minutes to perform. Which repair should be performed?" The user's response is then taken into account by the repair process.

[0362] A Computer with Multiple Special-Purpose Subsystems

[0363] This section provides apparatuses and methods for protecting computers and computing devices from hacking, viruses, worms, Trojan horses, spy software, keystroke recorders, cyber-terrorism, and similar threats and vulnerabilities. Cyber-terrorism, as used here, is an attempt to cripple or subvert a computing system; the present invention provides a solution to potential cyber-terrorism.

[0364] A computer system of the prior art typically includes: aprocessor, memory, display, a display controller, and input/outputcontroller. The present invention provides a plurality ofspecial-purpose subsystems housed within a computer system. Thesespecial-purpose subsystems typically perform limited functions and havelimited interaction with other special-purpose subsystems.

[0365] Special-purpose subsystems may be designed for many purposes, including storing information, performing work, and handling communication. A storage special-purpose subsystem may be designed to store and retrieve data while allowing only limited access to the stored data. A working special-purpose subsystem may be designed to process information, like a general-purpose computer with various applications. A communication special-purpose subsystem may be designed to facilitate communication between other special-purpose subsystems.

[0366] Each special-purpose subsystem typically includes processing capability, memory, logic, and an interface. The processing capability may be a central processing unit (CPU) or an ASIC. It may be the computer system's own CPU, or a CPU shared by multiple special-purpose subsystems; thus the processing capability associated with one special-purpose subsystem may also be used by the computer system or by other special-purpose subsystems.

[0367] Memory may include any data storage device accessible to thespecial-purpose subsystem. Further, a specific memory area may bedivided into logically separate areas, each of which can be associatedwith different special-purpose subsystem. A controller associated withthe specific memory area may be configured to restrict access of a givenlogical memory area to a specific special-purpose subsystem. Eachspecific memory area may thereby be effectively isolated for use by aspecial-purpose subsystem.

[0368] The logic of a special-purpose subsystem supports the intendedfunction of the system, such as storage, work, or control. The logic mayinclude the ability to move a file, display a file, provide a directoryof information available from special-purpose subsystem and otherfunctions as necessary. Further, the logic may include or beincorporated in an operating system associated with the special-purposesubsystem. The logic may be read only or inaccessible from otherspecial-purpose subsystems to avoid potential attacks. For example, thelogic may analyze and record when files are read or written, accessattempts, and associated timing. This information may be used by thelogic to determine if protective measures are necessary, such asprompting the user for a confirmation of an action or denying access tothe special-purpose subsystem.

[0369] The interface of a special-purpose subsystem supports theintended function. An interface of a storage system may include logic toread and write files. An interface of a working system may include acopy of a master template and applications to process and modifyinformation, including storing temporary files. A controller system mayprovide an interface for receiving requests from a working system,requesting a file from a storage system, receiving the file from thestorage system, and sending the requested file to the working system.

[0370] An interface may also support interaction with common controllers of the computer system, such as those for a display, keyboard, or mouse. Alternatively, the special-purpose subsystem may include its own controller for accessing common peripheral devices. Each interface associated with a special-purpose subsystem may be enabled or disabled by a logical or physical switch, so that interaction with the subsystem is halted or restricted to a subset of the interface's functionality.

[0371] According to one embodiment, two special-purpose subsystems areprovided within a computer system, the first being a working system andthe second being a storage system. The computer system may include adisplay, a display controller, and an I/O controller. Both of thespecial-purpose subsystems are capable of interacting with the computersystem display controller and the computer system I/O controller. Aseparate area of the computer-system display may be associated with eachof special-purpose subsystems. If a display area is selected orotherwise active, then keyboard, mouse or other I/O-controller-mediatedinput would be accessible to the associated special-purpose subsystem.

[0372] Another embodiment includes a working system and a storage system that does not allow execution of the data it stores (with the exception of the storage-system logic). The storage system prohibits the execution of user data, that is, any information a user has stored in the memory of the storage system. The two systems are isolated from one another, so events taking place in the working system cannot directly affect information stored in the storage system. Data moves between the two systems through a communication controller that performs a copying process for moving data, such as a file, between the storage system and the working system.

[0373] Communications between special-purpose subsystems, such as theworking system and the storage system may be through a communicationcontroller, according to one embodiment. The storage system maycommunicate specific information to the communication controller totransfer the specific information to the working system. Thecommunication controller may also transfer specific information from theworking system to the storage system.

[0374] A user selection of a file in the storage system can be used toprompt a communication controller to copy the file from the storagesystem to the working system. The file can be executed or processed inthe working system. Then, the file may be saved causing thecommunication controller to copy the file from the working system to thestorage system. In the storage system the file is not executable andthus could not corrupt other files or data associated with the storagesystem even though the file itself may be infected with a virus orcorrupted. The working system does not typically allow user data, e.g.,document files, to be stored in the working system unless they arecurrently being used, e.g., temporary files.

[0375] Alternatively, the communication controller may interact with thecommon controller to display information available from the storagesystem. User selection of the specific information may be performedthrough interaction with the communication controller. For example, thecommunication controller may request a list of available files from astorage system, and arrange them for a display of the list through acommon display driver. A user could select a file from the list forprocessing in a given working system. Consequently the communicationcontroller may cause the file accessible to the storage system to becopied to the given working system. After the working system is finishedprocessing the file, the file could be saved through the workingsystem's interaction with the communication controller. As such thestorage system and the working system are not required to directlyinteract with one another.

[0376] Additionally, the communication controller may analyze data it accesses or transfers to determine the level of threat associated with storing or transferring it; it may refuse to handle the data based in part on that level of threat, or it may present the user with information indicating the threat together with a request to confirm the transfer or storage. Information presented to the user may include the number of requests in a given time frame, the extent of the modifications, or the origination location. The user's response is received by the communication controller and used to decide whether to allow the transfer or storage.

[0377] The working system may include a copy of a master template thatrepresents an idealized state of an operating system. The working systemmay be an existing computer system capable of running an operatingsystem, and additional logic for interaction with a special-purposestorage system. Typically the working system is incapable of interactingdirectly with the storage system. According to one embodiment, aninteraction may be initiated by the storage system, or the controllersystem.

[0378] The working system is a special-purpose subsystem, and may beused to perform processing, editing or modifying data. The workingsystem typically includes logic to display information to a user throughthe display controller to the computer display. Users can interact withthe working system as though it were the primary computer system. Thedisplay controller and I/O controller may be used by the working systemto interact with other devices associated with the computer system.

[0379] The storage system is a special-purpose subsystem, and typically includes data files that are stored in a data storage device. The data storage device may be volatile or non-volatile. The storage system may represent an existing computer system capable of running an operating system, with additional logic for interacting with a working system.

[0380] According to one embodiment, the storage system initiates aninteraction with the special-purpose working system. Alternatively, thestorage system interacts with other special-purpose subsystems through acommunication controller. The storage system may include logic todisplay information to a user through the display controller coupled tothe computer display.

[0381] Each special-purpose subsystem may present information to the user on the same computer display; information presented by one subsystem may therefore overlay information displayed by another. The user may select specific information, e.g., a document file, to work on. The selection may be communicated to the storage system through a common device of the computer system, such as a serial I/O controller connected to a mouse or keyboard, which may be used whenever storage information is presented to the user. After specific information is requested, the storage system may transfer it to another special-purpose subsystem, such as a working system, and may itself initiate the transfer. In one embodiment the storage system initiates the transfer to a working system's interface. Alternatively, the storage system initiates the transfer to a common memory area for access by a working system. In another embodiment, the storage system transfers the specific information through a communication controller to the working system.

[0382] The working system may then access the specific information provided by the storage system. After processing, modifying or viewing it, an altered version may be saved or returned to the storage system. Before saving, the working system may perform an analysis to determine the level of threat associated with storing the information, and may refuse to save it or may present the user with a confirmation request and information indicating the threat. The working system may save the specific information to the storage system or transfer it to another special-purpose subsystem, and may itself initiate the transfer. In one embodiment the working system initiates the transfer to a storage system's interface. Alternatively, the working system initiates the transfer to a common memory area for access by a storage system. In another embodiment, the working system transfers the specific information through a communication controller to the storage system.

[0383] In one embodiment, the storage system may perform an analysis todetermine the level of threat presented by storing the information, andmay refuse to store the information or present the user with aconfirmation request and additional information which indicates athreat.

[0384] Data may be moved between special-purpose subsystems using aseparate logic control device, such as an ASIC or logic control deviceutilizing direct memory access. The process of moving data does notallow the data to be executed, which could possibly enable hacking,viruses, and the like. Additionally, data may be encrypted, compressed,or encoded to prevent its execution.

[0385] A control system may be an additional type of special-purpose subsystem, and could provide overall operation of the computer, computing devices, and other special-purpose subsystems. Additionally the control system may orchestrate the process of copying data, switching network communication, and repair functions as needed. The control system may be read-only, or may permit read-only access as needed when interacting with other special-purpose subsystems such as a storage system or working system. Both network communication and the repair process may be controlled by the control system. Optionally the control system could have only limited communication with other special-purpose subsystems while retaining the ability to initiate or conduct a copy process and to activate and terminate communication with other special-purpose subsystems.

[0386] Special-purpose subsystems may be combined into a single special-purpose system that performs the functions of the individual subsystems, for example as separate threads. In one embodiment, a storage system, communication system, and working system may be combined into one computer system as individual processes executed by that computer system. The computer system may isolate the individual processes using any technique known in the art.

[0387] In contrast, a special-purpose subsystem or a set ofspecial-purpose subsystems may be spread out over a number of additionalspecial-purpose subsystems, such that some of the functionalityassociated with the system or set is performed by the additionalspecial-purpose subsystems.

[0388] Exemplary Repair Process

[0389] Optionally, a special-purpose subsystem may be repaired or returned to an ideal state using an automated repair process. Such repairs may be conducted "on the fly", after each transaction, or without rebooting. Master templates typically represent the ideal state of a special-purpose subsystem, and may be stored on a storage system. A transaction may include reading e-mail, where the opening of each individual e-mail message represents a separate transaction. Optionally, one or more items can be ignored during a repair process. For example, if an e-mail has been opened, a repair process may run while ignoring the open e-mail, detect and repair problems, and then allow the user to respond to the e-mail without quitting it. In another embodiment, all downloads and e-mail can be saved immediately to the storage system prior to opening the download or e-mail in the working subsystem.

[0390] In one embodiment, the logic of a special-purpose subsystem, suchas a working system, may trigger an event associated with a repairprocess. The repair process may perform a comparison between a mastertemplate of the working system and state of the current working system.Any differences between them could trigger a subsequent repair processin which some or all data that is different is deleted from the workingsystem. Further, data may be copied from the master template by therepair process as necessary. In one embodiment, the repair process maymake the working system identical to the master template.

[0391] In one embodiment, a repair process can be conducted after one or more e-commerce transactions, after surfing one or more web pages, and the like. Thus all known and unknown viruses and Trojan horses can be made impotent prior to the next transaction. While this process does not eliminate viruses, worms and Trojan horses from the computer (they may still be stored in the storage system), it keeps them in an inoperative state. The repair process could repair volatile and non-volatile memory, clear volatile memory, or set volatile memory to an ideal state.

[0392] In one embodiment, if the user selects more than one e-mail toopen, two or more e-mails could be copied to the working system andcould be open simultaneously. Optionally each e-mail could be copied toits own separate isolated working system, opened, viewed, and worked onseparately. If the user needs to copy data from one isolated e-mail toanother isolated e-mail, a copying process can be used that does notallow code to execute.

[0393] In one embodiment, web commerce software, e-mail software, or any software can be modified so that only the individual records, or copies of the records, that are specifically needed for a transaction are copied from the storage system to the working system, utilized, and then copied back to the database in the storage system, with a repair conducted after each such transaction. Optionally, in a transaction in which data interacts with more than one database or CGI, for example, the transaction can be broken up into discrete segments, data copied to and from the isolated storage system(s) or working system(s) as needed, and repairs run between each segment of the transaction, or between some segments. Optionally, the software can contain instructions that define what type of data can comprise a transaction, limiting the copy process to data that meets certain criteria.

[0394] Cyber-Terrorism Examples and Embodiments

[0395] Cyber-terrorism represents a number of threats. One such threat occurs when a batch of e-mails is downloaded and one of them contains a virus that, when executed, infects other e-mails, infects the e-mail program so that it sends a copy of the virus with each new message sent, and plants a hidden item in the operating system or applications that, when executed after a period of two days, destroys the format, data structures or device drivers on any accessible data storage device. Such a virus may be previously unknown, so that no protection or method of identification is available from virus-detection companies.

[0396] The protection process is described for processing e-mail, according to one embodiment. Upon download to the working system, the unopened e-mails are copied to the storage system (or alternatively they could be downloaded directly to the storage system) using a method in which the data cannot execute. A list of the e-mail subjects, senders and other pertinent information can be created and displayed to the user; this list could be generated by the storage system or the control system. The user selects an e-mail to open. A copy of that e-mail is copied to the working system and may then be opened automatically. Optionally, a virus scan of the e-mail may be conducted. The user reads and responds to the e-mail, and the response may be copied to the storage system. A repair process may then take place and repair volatile or non-volatile data storage devices as needed.

[0397] Continuing the example, the user selects the next e-mail to open. This e-mail contains the virus. It is copied to the working system and opened. No other e-mail is available for it to infect, but it infects the system folder used by that working system and several applications used there. The user decides to respond to the e-mail and selects "respond". Optionally, prior to responding, a repair process can be run or a comparison made between a master template and the working system. During the repair or comparison, the changes to the operating system or applications of that working system can be noted, and based on the difference(s) a virus warning can be drawn to the user's attention, warning the user not to respond to the e-mail as doing so may negatively affect the computer receiving the reply. Optionally a dialog can suggest that the user contact a virus alert center (such as a national or international center that collects or responds to potential virus alerts) and notify it of the virus, or allow the repair process to notify a virus alert center concerning the potential virus.

[0398] Optionally, based on criteria such as a virus threat analysis of the type of changes made to the operating system or applications, the repair process could issue commands to disable the network connection or the e-mail software, disable the e-mail process, or show the user a dialog stating that, based on the results of the threat analysis, the user is not permitted to respond to the e-mail and the ability to respond to it has been disabled. That e-mail could then be destroyed, quarantined, kept in isolation, or kept in a storage system. Optionally such a virus could be stored with deletion not permitted pending approval from some entity, such as a virus alert center that could authorize destruction of the virus by providing (for example) a code that allows it; upon receiving such a code the repair process could automatically destroy the virus-laden e-mail. Optionally, the file could be encrypted, compressed, or otherwise modified so that it cannot execute, and the repair process could send it to the virus alert center (with or without permission from the user).

[0399] Optionally, such modification to computers and computing devicesmay be required by law, and the part of the repair process that dealtwith potential viruses may be modified as needed to interact withgovernment/commercial virus checking companies. For example a method ofallowing upgrade of the software that dealt with viruses, permission todelete files, etc. may be required. In such cases specialized code couldbe created to interact with government agencies that would allow orrequire upgrade of the repair or virus checking software, allow or denydestruction of infected files, etc.

[0400] The repair process may run and make the working system identicalto the master template, destroying all viruses, worms, and other changesin the process. The user finishes with the e-mail and selects the nexte-mail. A repair may be conducted and then the next e-mail may then becopied to the working system, without risk of infection.
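The comparison-and-repair process of [0390] and [0391], driven through the e-mail walkthrough of [0396] to [0400], as one added example that is not code from the patent. It assumes the master template, the working system and the storage system are directories, that "opening" a message is a caller-supplied viewer callback, and that the infected message and the files it tampers with are constructed sample data.

```python
"""Master-template comparison and repair, driven through the e-mail walkthrough.

Added illustration, not code from the patent. Assumptions: the master
template, the working system and the storage system are directories; opening
a message is a caller-supplied viewer callback; the infected message and the
files it tampers with are constructed sample data.
"""
import hashlib
import shutil
import tempfile
from pathlib import Path
from typing import Callable, Dict, Iterable, Set


def snapshot(root: Path) -> Dict[str, str]:
    """Manifest: relative path -> SHA-256 of every file under root."""
    return {p.relative_to(root).as_posix(): hashlib.sha256(p.read_bytes()).hexdigest()
            for p in sorted(root.rglob("*")) if p.is_file()}


def compare(template: Dict[str, str], working: Dict[str, str]) -> Dict[str, Set[str]]:
    """How the working system differs from the master template."""
    both = template.keys() & working.keys()
    return {"added": set(working) - set(template),
            "missing": set(template) - set(working),
            "changed": {p for p in both if template[p] != working[p]}}


def repair(template_root: Path, working_root: Path,
           ignore: Iterable[str] = ()) -> Dict[str, Set[str]]:
    """Make the working system identical to the template, leaving ignored paths
    (an open message, for instance) alone. Returns the differences it found."""
    skip = set(ignore)
    diff = compare(snapshot(template_root), snapshot(working_root))
    for rel in diff["added"] - skip:
        (working_root / rel).unlink()                      # delete what the template lacks
    for rel in (diff["changed"] | diff["missing"]) - skip:
        dst = working_root / rel
        dst.parent.mkdir(parents=True, exist_ok=True)
        shutil.copy2(template_root / rel, dst)             # restore from the template
    return diff


def open_message(storage: Path, working: Path, template: Path, name: str,
                 viewer: Callable[[Path], None]) -> Set[str]:
    """Byte-copy one stored message into the working system, let the viewer
    handle it, and return every path that now differs from the template apart
    from the message itself. A non-empty result backs the virus warning."""
    inbox_copy = working / "inbox" / name
    inbox_copy.parent.mkdir(parents=True, exist_ok=True)
    inbox_copy.write_bytes((storage / name).read_bytes())
    viewer(inbox_copy)
    diff = compare(snapshot(template), snapshot(working))
    return (diff["added"] | diff["changed"] | diff["missing"]) - {f"inbox/{name}"}


def demo() -> Dict[str, object]:
    """Two messages, one clean and one that tampers with the working system."""
    base = Path(tempfile.mkdtemp())
    template, working, storage = base / "template", base / "working", base / "storage"
    ideal = {"system/kernel.bin": b"KERNEL v1", "apps/mail.cfg": b"server=mail.example"}
    for rel, body in ideal.items():
        for root in (template, working):
            (root / rel).parent.mkdir(parents=True, exist_ok=True)
            (root / rel).write_bytes(body)
    storage.mkdir()
    (storage / "001.eml").write_bytes(b"Subject: lunch?\n\nSee you at noon.")
    (storage / "002.eml").write_bytes(b"Subject: invoice\n\n<payload>")     # constructed sample

    def viewer(msg: Path) -> None:
        # Constructed behaviour standing in for an e-mail client: the second
        # message modifies an application configuration and drops a driver.
        if b"<payload>" in msg.read_bytes():
            (working / "apps" / "mail.cfg").write_bytes(b"server=attacker.example")
            (working / "system" / "driver.sys").write_bytes(b"dropped")

    clean = open_message(storage, working, template, "001.eml", viewer)
    repair(template, working)                      # back to the template before the next message
    suspect = open_message(storage, working, template, "002.eml", viewer)
    found = repair(template, working, ignore=["inbox/002.eml"])
    residual = compare(snapshot(template), snapshot(working))
    return {"clean": clean, "suspect": suspect, "found": found, "residual": residual}
```

The ignore list is what lets the repair of [0389] run while a message stays open; the comparison before "respond" is the basis for the warning in [0397]; and the stored copies are only ever read as bytes, so the infected message lives on in the storage system without executing there.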

[0401] Loading a Master Template into Volatile Memory

[0402] In one embodiment, to further speed the repair process a mastertemplate of the working system and the software in the working system,may each be loaded into their own separate isolated volatile memoryareas or shells to increase the speed of the repair process. Thus, ifdata in the working system is in volatile memory and the master templateis in volatile memory, repairs can be conducted at higher speeds.Alternatively a new working system shell can be utilized, eliminatingthe need for a repair. For example a user could open an e-mail, and readthe e-mail using one shell, and if they want to respond to the e-mail asecond shell could be used for the response. (Optionally the first shellcan be checked for a virus while the user is writing a response to ane-mail using a second shell.) Additional shells can be made ready foruse.

[0403] In another embodiment, data can be downloaded directly to astorage system, using a method of encrypting or compressing or othercopying which prevents execution of the data. A virus checking or repairprocess can be run as part of the repair sequence, or as a separatesequence. Optionally, an isolated hidden backup or archive system may beutilized with this invention, which may make an array of hidden backupsor archives of the storage system or working system volatile ornon-volatile memory/memories or data as desired, and which may be timestamped. Copying of data to such backup or archive system could also usetechniques described herein to prevent execution of files and damage tothe data on the backup system.

[0404] Optional Information Regarding Copying or Saving Data

[0405] In one embodiment, the process of copying data may be dumb orrestricted so that data being copied can't execute and thus the data onthat data storage device can't be damaged by malicious code. Forexample, to move/copy data it can be encoded, or an ASIC can beutilized, or direct memory transfer or any other method of moving orcopying data can be used that does not allow data to execute.

[0406] Optionally, copying could be orchestrated by aStoreExecute/control system that could have access to the isolatedworking system(s) and isolated storage system(s).

[0407] Selecting a file to open in the storage system could initiate a process whereby the file is copied from the storage system to the working system and opened. Saving a file in the working system could initiate a process whereby the file is copied to the storage system. Quitting a file in the working system could initiate a process whereby the file is copied to the storage system and deleted from the working system.

[0408] The term “copy” or “copies” or “copying” may be used in itsbroadest sense, and may include an algorithm, snapshot, compressed data,bit by bit, encryption, encoding, and the like.

[0409] Optional Information Explanation of Data Storage Associated withthe System

[0410] Optionally, the data storage associated with a user working system could be temporary data storage, used only while a file or files are actively being worked on or needed by the system or the user. For example, when files are not being worked on they could be moved to the storage system (i.e., copied to the storage system and deleted from the working system). Thus, except for the copy of the Master Template located in the working system, data not in use is not stored on the working system's data storage device, where it would potentially be subject to being infected, damaged, destroyed, hacked, or otherwise manipulated.

[0411] Optional use with Internet, Network, or Web Sites

[0412] Optionally, the working system could support a web site, or acomputer could contain more than one working system or more than onestorage system that could support various functions. For example oneworking system could contain a web site, while another working system isused by a user.

[0413] Optionally, one or more NetLock devices (described in the Appendices) may be used to automatically switch, enable, or disable network connections as desired.

[0414] Optionally, one or more NetLock devices may be used to switch,enable, or disable connections to a working system as needed.

[0415] Optionally, the use of web software could indicate to a process-watching controller associated with a NetLock device that a network connection to or from a working system should be enabled, and quitting all network software (or a lack of activity, or another trigger) could indicate to that controller that the network connection should be disabled.

[0416] Optional Explanation of Automatic Backup or Archiving

[0417] Optionally, an automatic backup or archiving process may beassociated with the storage system or the working system. Volatile ornonvolatile data may be saved, backed up or archived.

[0418] In one embodiment, external devices may be isolated and be usedas storage systems. Alternatively, one or more external device(s) couldalso be isolated and used as one or more working systems. External portscan be connected to switches and switched, enabled, or disabled toconnect to one or more isolated working systems, and then switched toconnect to one or more isolated storage systems. Such switching may bedone manually or automatically, or using a hardware switching process ora software switching process.

[0419] Optionally, in one embodiment, each time a save is made in a working system a copy can be made to a storage system. Optionally, in order to prevent a virus or Trojan horse from causing havoc by performing millions of saves that are then written to the storage system, a limit could be imposed on the frequency with which a file can be saved, or other limitations could be placed on the process of saving data from the working system. (Optionally this could be part of the ROM or StoreExecute program.)
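One way to build the communication controller's threat analysis from [0376] together with the save-frequency limit of [0419] and the no-execute copy path of [0384] and [0405], as an added example rather than code from the patent. It assumes the storage and working systems are two directories, that transfers are plain byte copies and the storage side clears every execute bit, that the evidence scored is the number of saves of a file inside a sliding window and the fraction of the stored file that changed, and that the window, limit and change threshold are constructed tuning values.

```python
"""Communication controller between an isolated working system and storage
system. Added illustration, not code from the patent. Assumptions: the two
subsystems are two directories; transfers are byte copies that nothing in the
path executes; stored files lose their execute bits; the threat evidence is a
sliding-window save count plus a change ratio; window, limit and threshold
are constructed tuning values."""
import difflib
import stat
import tempfile
import time
from collections import defaultdict, deque
from pathlib import Path
from typing import Callable, Deque, Dict, List


class CommunicationController:
    """Mediates every transfer between the isolated storage and working systems."""

    def __init__(self, storage: Path, working: Path, max_saves: int = 5,
                 window: float = 60.0, confirm_ratio: float = 0.5,
                 clock: Callable[[], float] = time.monotonic) -> None:
        self.storage, self.working = storage, working
        self.max_saves, self.window, self.confirm_ratio = max_saves, window, confirm_ratio
        self.clock = clock
        self._saves: Dict[str, Deque[float]] = defaultdict(deque)
        storage.mkdir(parents=True, exist_ok=True)
        working.mkdir(parents=True, exist_ok=True)

    def list_files(self) -> List[str]:
        """Directory of the storage system, for display to the user."""
        return sorted(p.relative_to(self.storage).as_posix()
                      for p in self.storage.rglob("*") if p.is_file())

    def checkout(self, rel: str) -> Path:
        """storage -> working: a byte copy, never opened as code."""
        dst = self.working / rel
        dst.parent.mkdir(parents=True, exist_ok=True)
        dst.write_bytes((self.storage / rel).read_bytes())
        return dst

    def _recent_saves(self, rel: str, now: float) -> int:
        q = self._saves[rel]
        while q and now - q[0] >= self.window:     # drop saves that left the window
            q.popleft()
        return len(q)

    def _change_ratio(self, rel: str, new: bytes) -> float:
        """Fraction of the stored version the new version does not share;
        0.0 for a file that has no stored version yet."""
        old = self.storage / rel
        if not old.exists():
            return 0.0
        return 1.0 - difflib.SequenceMatcher(None, old.read_bytes(), new, autojunk=False).ratio()

    def save(self, rel: str, confirmed: bool = False) -> Dict[str, object]:
        """working -> storage. Returns the decision (allow, confirm, refuse)
        and the evidence the user would be shown."""
        now = self.clock()
        data = (self.working / rel).read_bytes()
        evidence = {"recent_saves": self._recent_saves(rel, now),
                    "change_ratio": round(self._change_ratio(rel, data), 2)}
        if evidence["recent_saves"] >= self.max_saves:
            return {"decision": "refuse", "reason": "save frequency limit", **evidence}
        if evidence["change_ratio"] > self.confirm_ratio and not confirmed:
            return {"decision": "confirm", "reason": "extensive modification", **evidence}
        dst = self.storage / rel
        dst.parent.mkdir(parents=True, exist_ok=True)
        dst.write_bytes(data)
        dst.chmod(stat.S_IMODE(dst.stat().st_mode) & ~0o111)   # stored data is never executable
        self._saves[rel].append(now)
        return {"decision": "allow", "reason": "stored", **evidence}


def demo() -> Dict[str, object]:
    """Walk a file through checkout, saves and the rate limit on a fake clock."""
    base = Path(tempfile.mkdtemp())
    now = [0.0]                                   # fake clock for a deterministic run
    cc = CommunicationController(base / "storage", base / "working",
                                 max_saves=3, window=60.0, clock=lambda: now[0])
    (cc.storage / "notes.txt").write_bytes(b"meeting notes\nline two\nline three\n")
    wk = cc.checkout("notes.txt")
    decisions = []
    wk.write_bytes(b"meeting notes\nline two\nline three\nline four\n")    # small edit
    decisions.append(cc.save("notes.txt")["decision"])                    # allow
    wk.write_bytes(b"X" * 200)                                            # near-total rewrite
    decisions.append(cc.save("notes.txt")["decision"])                    # confirm
    decisions.append(cc.save("notes.txt", confirmed=True)["decision"])    # allow
    decisions.append(cc.save("notes.txt")["decision"])                    # allow, third in window
    decisions.append(cc.save("notes.txt")["decision"])                    # refuse, limit reached
    now[0] = 61.0                                                         # window has moved on
    decisions.append(cc.save("notes.txt")["decision"])                    # allow
    tool = cc.working / "tool.sh"                                         # constructed sample
    tool.write_bytes(b"#!/bin/sh\necho hi\n")
    tool.chmod(0o755)                                                     # executable on the working side
    cc.save("tool.sh")
    stored_exec_bits = (cc.storage / "tool.sh").stat().st_mode & 0o111
    return {"decisions": decisions, "stored_exec_bits": stored_exec_bits}
```

The decision dictionary carries the same evidence [0376] says the user should see, so a "confirm" can be turned into a dialog and a "refuse" into a log entry; the rate limit is per file, which is what stops one runaway process from flooding the storage system while leaving other files saveable.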

[0420] Optionally a quarantine data storage device can be used, or oneor more common data storage device(s). Optionally, such data storagedevice can be accessed by the working system, or by the storage system,or by another logic control device that may also have access to theworking system or storage system.

[0421] Optionally, a storage system may utilize one or more data storagedevices. A working system can utilize one or more data storage devices.A working system and storage system can share a data storage device ifthey are isolated from each other. For example, a data storage devicecould be partitioned into two or more partitions, for example: PartitionA and Partition B.

[0422] Optionally, working system "A" could consist of an isolated computing process associated with an isolated data storage partition located on partition "A". Storage system "B" could consist of an isolated computing process associated with an isolated data storage partition located on partition "B". Partitions can be isolated in a manner similar to how data storage devices can be isolated. Control over the partitions could optionally rely upon an isolated computing process "C".

[0423] Optionally, applications and programs stored in the isolatedworking system can be repaired on command or automatically as needed.Optionally, a comparison process between a master template and theapplication/software in use could be used as a basis for how theapplication/software should look, and if different, components could bereplaced as needed.

[0424] Optionally, a separate processor that has restrictedfunctionality may be used to process data in the isolated workingsystem, or the main processor can be given a restricted functionality.This can be done with multiple data storage devices, or one data storagedevice that has isolated partitions.

[0425] Optionally, the ability to execute files (located on anonvolatile data storage device associated with a working system) may beenabled/disabled as needed. For example, logic control software may notcontain code needed to execute files located on a nonvolatile datastorage device associated with a storage system, or code needed toexecute files can be disabled/enabled or switched on/off as needed.

[0426] Optionally, the logic control software associated with thestorage system may be set to read only, or inaccessible from the workingsystem or storage system (so that malicious code can not effect thesoftware nor the processor nor gain access to the storage system).Optionally, a third isolated logic control and computing processes maybe used to access that code. A logic control and computing processes maybe performed via separate logic control and processing devices, or be ona single device that has the ability to isolate two or more logiccontrol processes.

[0427] Optionally, data that is copied from the volatile or nonvolatiledata storage device(s) associated with the working system to the storagesystem can be deleted from the working system and associated datastorage devices as needed. This may help to prevent hacking, etc.

[0428] Optionally, working system(s) or their associated Data StorageDevices, and storage system(s) or their associated Data Storage Devices,need not be on a computing device together. They can be on a network,external, have wireless connections, or be anywhere. For example, acomputing device may have a working system, in which an associatednonvolatile data storage device is in a nearby server; and a storagesystem may be located over a network, and associated with an externalwireless data storage device.

[0429] Optionally, a working system may not have an associatednon-volatile data storage device. A working system could be limited tovolatile storage. Additionally, a working system may have a plurality ofprocessing functions or processors associated with it.

[0430] In one embodiment a switching process that may be controlled bythe control system that may be used to switch which system(s) haveaccess to network communication. Network communication can be dedicatedto a particular working system/or storage system, or switched as needed.

[0431] Optional Shells

[0432] Optionally, using a variation of the Shell approach, isolated shells may operate as working systems optionally with associated data storage, and other isolated shells can operate as storage systems optionally with associated data storage. Data may be copied to and from the working system and storage system shells' associated volatile or nonvolatile memory using a copy process that prevents the execution of data.

[0433] Optional Changes to Software

[0434] Optionally, in order to enhance the effectiveness of the isolated working system & storage system embodiments described above, the following changes may be made to software. Data used by the software may be kept in a storage system until needed. Data can be broken up and only the data that is needed pulled into the working system. For example, instead of treating an e-mail in box as one file, e-mail programs can be modified to treat them as separate files, and only copy specific file(s) into or out of the working system as needed, keeping all of the other data isolated. Alternatively, data could be stored in the working system as one or more files, but when for example a specific e-mail was needed, only that specific e-mail part of a file could be copied to the working system, and data could be saved from the working system into that one file in the storage system.

[0435] E-mail was used here as an example. Optionally, software, and especially software used for the web, may use the approach of storing records as individual files, or keeping them in one or more files and only bringing into the working system the data that is needed at that time or is likely to be needed.

[0436] Optionally, when a Netlock device enables an internet connection, e-mail and other software used on the web that is currently in the working system may be limited to only data that needs to be sent or used, limiting a hacker's ability to access any other data. During web commerce sessions, data can be frequently moved to and from the storage system as needed to ensure that the least possible data, preferably only that data required and in use or needed for use, is in the working system.

[0437] Optionally, an index or database containing content of some data or files contained in the storage system may be moved to or located in the working system. When such data is selected to use or open, it could then be copied into the working system as needed and copied back to the storage system when not needed, and deleted from the working system.

[0438] Optionally, switching data storage device identity may be done using software that interacts with the data storage device or data storage device controller. Such software could be isolated from the working system and storage system. For example it could be part of an isolated StoreExecute that conducts the repair process, or it could be on its own isolated StoreExecute. This may necessitate a change in some data storage device controllers to enable them to accept software commands to change identity/boot sequence.

[0439] Optionally, a data storage device may be hot swappable, and turned on only as necessary during the isolated backup event.

[0440] Optional Netlock

[0441] Optionally, the netlock device may be controlled by any type of logic control device, triggered automatically or manually, by a hardware or software process. The switch trigger may include or utilize a timer/scheduler. It may also include any method of triggering a switching process. For example, a coin operated mechanism or pin card operated mechanism could be used that triggers netlock.

[0442] Optionally, a dual or multi-line version of netlock can deal with more than one network connection (two or more network connections), in which case the netlock device may optionally be modular in nature to add additional network connections as needed. If so desired the multi-line version could potentially be controlled by one logic controller or switching process.

[0443] The inventions and methods described herein can be viewed as a whole, or as a number of separate inventions that can be used independently or mixed and matched as desired. All inventions, steps, processes, devices, and methods described herein can be mixed and matched as desired. All previously described features, functions, or inventions described herein or by reference may be mixed and matched as desired.

[0444] Optionally, a process hereinafter referred to as an Installer Watcher may run in the background of a computer and look for activity that appears to be an installer. If the user attempts to install software, the attempt at installation may be halted and a dialog could query the user as to whether the user is installing software. If so, the Installer Watcher could walk the user through a process of installation or testing the software prior to updating a Master Template or during actual update of a Master Template.

[0445] Additional embodiments and aspects of the invention are now described.

[0446] Embodiments of Computers That Defend Against Viruses, Hacking, SPY Software, Cyber-Terrorism, Theft, and Make Malicious Code Irrelevant

[0447] Embodiments of the invention defend computers and users' personal data (such as, but not limited to: documents, email messages, etc.) against hacking, and/or viruses, and/or cyber-terrorism, and/or theft; prevent known and unknown malicious code from causing meaningful damage, prevent hacking software from successfully engaging in hacking or spying while on a computer that utilizes this technology, and help to enable capture of hackers and cyber-terrorists. Although the technology may aid in removal of malicious code from infected data files (a standard virus checker may be used for that purpose), its success does not rely on the removal of such code.

[0448] The computer isolates the user's personal data. Thus, if an infected file arrives, the user data is isolated from it, and is thus protected from being negatively affected by said malicious code. A process is conducted that not only repairs any damage to the computer system software and applications, but may also delete known and/or unknown viruses, hacking software, and/or reformat the hard drive, etc. User's personal data is isolated and inaccessible to hackers and hacking software. Unknown and known viruses and hacking software may optionally be saved and stored in a manner in which they are unable to execute, and may be used as evidence against a hacker or cyberterrorist. Embodiments are also described that enable use of the inventions to aid in the capture of hackers, thieves, and cyberterrorists.

[0449] It will be appreciated that existing methods of attempting to protect against viruses and hacking frequently fail. New viruses and methods of hacking are invented, and existing protection is repeatedly proven inadequate. This costs billions of dollars in damages annually. An inexpensive and reliable solution was needed. This invention solves these problems. Additional embodiments directed to these and other features and advantages are now described.

[0450] Overview of One Embodiment

[0451] User data may be stored using one or more data storage device(s) which may be associated with other computing hardware and/or software, such as, but not limited to: RAM, and/or ROM, and/or Method of Control, and/or processing, and/or processor, and/or other computing features and abilities, collectively referred to as Protected Storage. This data storage device and optionally associated computing hardware and/or software may be isolated. Optionally, communication with Protected Storage may be activated/deactivated, and/or locked/unlocked, and/or read only/read write. Isolated video and/or I/O and/or Method of Control, and/or other features may be associated with Protected Storage(s).

[0452] One or more additional/secondary isolated data storage device(s), which may be associated with other computing hardware and/or software, such as, but not limited to: RAM, and/or ROM, and/or Method of Control, and/or processing, and/or processor, and/or other computing features and abilities, are collectively referred to as the Explosion Room: an isolated environment where for example a user may “work on” data, play games, etc., and where viruses can “explode” or execute without causing damage to the data in the Protected Storage. Optionally, a copy of all or part of one or more Master Templates may be contained in the Explosion Room. There may be one or more Explosion Rooms. Isolated video and/or I/O and/or Method of Control, and/or other features may be associated with Explosion Room(s).

[0453] When the user finishes working on a document the document may be saved to a Protected Storage, optionally using a method of copying in which code cannot execute.

[0454] A repair process may be conducted which may consist of, for example, one or more of the following:

[0455] making software in the Explosion Room identical and/or partially identical to all or part of a Master Template.

[0456] deleting and/or repairing the Explosion Room, and/or switching to a secondary Explosion Room.

[0457] reformatting and/or repairing one or more data storage devices.

[0458] running one and/or more other repair processes.

[0459] A repair process may be run, for example, each time a user “quits” a document (and/or other criteria may be used for when it may run). Thus each new document may be opened in a clean environment which contains no viruses and/or hacker software or other malicious code.

[0460] In one embodiment, video associated with the Explosion Room(s) and/or Protected Storage, and/or Master Templates, and/or other computing processes may be isolated, so that video data associated with one or more other Explosion Rooms and/or Protected Storage may not be captured. Likewise, video associated with other data storage devices and/or associated RAM and/or processing may be isolated. For example, video associated with a Protected Storage may be isolated. In another embodiment, video need not be isolated. Instead, communication with the device(s) would not be established until after a repair has been run so that viruses could not be spread, and hacking could not take place.

[0461] In a different embodiment, the Explosion Room where the user works/plays games, etc. may not contain a Master Template, and/or may not contain an operating system. Instead, a copy of a Master Template and/or operating system may utilize a different Explosion Room that may optionally be isolated and/or optionally may be located across a network, and/or may optionally be switched to different modes such as for example locked/unlocked and/or read only/read write.

[0462] In another embodiment, an Explosion Room may only contain a copy of part of a Master Template. For example it may contain those parts of an operating system that get modified, but not other parts of an operating system. For example, in one embodiment, the only part of an operating system included in the Explosion Room being used by the user might be the “preferences folder”. The rest of the operating system may be located in a different data storage device and/or Explosion Room, and may usually be locked or read only. Likewise, optionally, the only part of applications located in an Explosion Room may be the parts of an application that may change during use. The rest of the application may be located on a different data storage device (and/or over a network) and optionally may be usually locked and/or read only. Thus, less data would need to be copied to Explosion Rooms. Some modification of operating systems and/or ROM, and/or applications may be desirable to support this embodiment. For example, instead of looking for the preferences folder to be located in the operating system, code could be modified to look for the preferences folder inside of an Explosion Room.

[0463] Likewise, applications and other software that have one or more data files that are part of the software and that may be modified during use of the application may be modified to look for those files to be located in an Explosion Room. Optionally, because software may utilize and interact with parts of the operating system, the software manufacturers and operating system manufacturers, and/or computer manufacturers may all need to coordinate their design specifications to enable this functionality.

[0464] One or all of the following may be located as part of a computing device, and/or on a network:

[0465] Explosion Room(s), Master Template(s), Protected Storage(s), Backup(s), Archive(s), processing, RAM, ROM, computing, network connection, control, I/O, video, any other component and/or function described herein and/or desired and/or needed for use.

[0466] Optionally, network connections may be deactivated and/or activated at various times during use of the computer. Various criteria may be used for deciding when to activate/deactivate communication between a network and an Explosion Room. For example, in one embodiment, a network connection may be established with an Explosion Room when there is no communication between that Explosion Room and other Explosion Rooms, and the Explosion Room has been repaired and/or replaced by a new Explosion Room. As another example of criteria, a network connection may be established with an Explosion Room when there is no communication between that Explosion Room and Protected Storage. These are examples of criteria and are not intended to limit criteria.

[0467] Using such criteria, it is thus possible to make the user data in Protected Storage inaccessible to a hacker across a network.

[0468] In one embodiment, one or more Master Template(s) is used, and for example, one or more of the following could be used as Master Templates:

[0469] Protected Master Template (Optional):

[0470] In one embodiment, a Master Template may be stored on a Data Storage Device that optionally may be hidden, and/or may not be normally visible to the user, and may be referred to as a Protected Master Template, and/or Master Template. Optionally, it may be “read-only”, and/or locked, and/or turned off, and/or disabled until needed, and/or disconnected, and/or inactivated, and/or communication with it can be terminated and/or inactivated. These (and other) techniques can be used to protect the Protected Master Template from malicious code.

[0471] Example of Master Template Storage Location (Optional):

[0472] In one embodiment, a master template, or copy of a Master Template, may be kept on a data storage device such as, for example, RAM, and/or a RAM disk, and/or ROM (for example flash ROM or other ROM) that may optionally be hidden and/or made not normally visible to the user. It may be “read-only” and/or locked (for example it could be locked via hardware and/or software), and/or isolated and/or otherwise made impervious to malicious code. Optionally, the Master Template can be repaired and/or replaced as needed by copying and/or replacing it from the Protected Master Template. Please note that this is an optional step that is not essential to this process, but in some embodiments may be desirable.

[0473] Self Repairing User Work Area, or Explosion Room:

[0474] In another embodiment, another copy of all or part of one or more Master Templates may also be stored on a data storage device (for example, one embodiment could utilize a data storage device associated with volatile memory, RAM and/or a RAM disk, associated I/O, associated video, that optionally may all be isolated). This copy of all or part of one or more Master Templates may be referred to as the Master Template(s), and the data storage device where it is stored and associated RAM, ROM, Processing, I/O, video, computing, etc. may be referred to as the “Explosion Room.”

[0475] The Explosion Room may contain all or part of one or more copies of a Master Template(s) and may also be used for example for data storage and/or scratch disk space for one (or more) user data file(s) needed for the user to perform such tasks as: playing a game, checking E-mail, surfing the Internet, working on documents, etc. Software such as viruses, Trojan Horses, worms, hacks, spy software, and “conduit hackers” that arrive here can do no permanent damage, and the Data Storage Device that contains the user's personal data is inaccessible. In one embodiment, a high speed repair process may be run that eliminates known and unknown viruses and hidden software from the Explosion Room. For example, this repair process could be run each time the user quits a document, and/or on some other schedule or basis. Because this may be an isolated work area, and may be repaired after each use (for example), this Explosion Room is a place where a virus can “explode” or execute without causing damage, and where hacking software is useless.

[0476] Protected Storage

[0477] In one embodiment, a Data Storage Device is used to store the user's personal data (documents made by the user, E-mail, bookmarks, favorites, etc.). This Data Storage Device may be referred to as “Protected Storage”. Network communication and/or communication with Protected Storage may be disabled, and/or disconnected and/or switched off (logically and/or physically) when potential viruses or hacks may be processed and/or present; and may be enabled, and/or connected, and/or switched on (logically and/or physically) after criteria have been met, for example after a repair has been conducted. Thus, there is no way a virus or hacking software can affect or gain access to the user's personal data on the Protected Storage. In one embodiment the Protected Storage may normally be “read only”, except, for example, when data needs to be copied to or from it. In one embodiment, when a network connection is to be established, a repair may be conducted (which would remove/disable/overwrite any active viruses or hacking software), and/or communication with the Protected Storage may be disabled, and/or disconnected and/or switched on/off (logically and/or physically).

[0478] Temporary Storage

[0479] In one embodiment, Data Storage Device(s) and/or partition(s) may be used to temporarily store the user's personal data (documents made by the user, E-mail, bookmarks, favorites, database components, etc.). This Data Storage Area may be referred to as Temporary Storage. For example, when the user saves a document, it may be saved to the Temporary Storage. When the user saves a database, for example, it (and perhaps related components) may be saved to the Temporary Storage. When a user downloads E-mail, it may be saved to Temporary Storage. When items are created such as bookmarks and favorites, they may be saved to temporary storage when they are created, and/or when the application is quit. When a document is requested from Protected Storage (described elsewhere herein), it may be first copied to Temporary Storage. For example, if the user wants to open an Internet browser, then favorites/bookmarks, and other user information may be copied from Protected Storage to Temporary Storage. Please note that this is an optional step that is not essential to this process, but in some embodiments may be desirable.

[0480] A repair process may repair Temporary Storage, or replace it with a new copy that has been prepared in advance. For example, in one embodiment, multiple temporary storage areas may be prepared in isolation. Then, as they are needed, the old Temporary Storage Device(s) may be deleted and replaced with one or more new ones, that may for example have been created using RAM, a RAM disk, a shell, etc.

[0481] In one embodiment, for example, the Protected Storage may be the storage area where the user's personal data is isolated from the Explosion Room except after a repair, or if the explosion process has been suspended. Temporary Storage may be the data storage area that may be used (optionally) when data is “shuttled” from Protected Storage to Temporary Storage, and back again after the document has been worked on, from Temporary Storage to Protected Storage. Temporary Storage may, in one embodiment, always be accessible to the Explosion Room. In this example, the user may save data to the Temporary Storage while working, and then upon quitting, the document is copied from Temporary Storage to Protected Storage.

[0482] Backup and/or Archive Storage:

[0483] Optionally, in one embodiment, backup system(s) may be used to keep successive backups of all user's personal data: e.g., documents, E-mail, favorites, etc. Optionally, if a file is damaged by a virus or corruption, the user can copy past versions from the backup system. Successive backups and/or archives may be time/date stamped so that the user can easily determine when backups were made. The frequency of backups may be predetermined as a default from the manufacturer, but may be changeable by the user. Optionally, the backup system(s) may normally be hidden from the user. In one embodiment, when the backup system is made available to the user, it is kept in “read only” mode so that it can not be accidentally modified by the user. Optionally the backup may be on a separate data storage device (and in some embodiments, a partition), and/or located elsewhere such as, for example, on a network. Please note that this is an optional step that is not essential to this process, but in some embodiments may be desirable.

[0484] Control of the Processes:

[0485] A wide spectrum of methods of control are possible, and may be referred to as Method of Control and/or Methods of Control. A few examples follow:

[0486] For example, in one embodiment, code stored in a separate ROM device and/or an ASIC and/or a controller and/or a subsystem, and/or an operating system, can control the process of saving data, and/or activating/deactivating connections and/or activating/deactivating communications, and/or conduct switching processes as needed, and/or trigger repair processes, and/or perform other functions as described herein.

[0487] In one embodiment, when a document is closed, a “process watcher” can be used to determine whether a repair shall be triggered, and/or whether there is a functioning operating system. If there is not a properly functioning operating system, and/or the repair does not take place, the Method of Control may switch to a secondary system that may be held ready in isolation, and/or created as needed. Optionally, it may re-boot the computer to a secondary system, conduct a repair process, and reboot the computer. Optionally, no reboot may be required. In one embodiment, a secondary and optionally isolated system may be used by the repair process and/or anti-virus/anti-hacking process and other software used to repair and/or maintain the first or primary system. Optionally, a secondary system can be used to “run” the computer while the first system is being repaired and/or an anti-virus, anti-hacking, and/or diagnostic, and/or other process is conducted.

[0488] In another embodiment, a primary operating system may run the computer, and Explosion Rooms, and/or Protected Storage, and/or other functions may operate as subsystems and/or virtual systems and/or subsystems.

[0489] In another embodiment control can be provided by code in volatile memory, and/or shells, that may be kept in isolation until needed, and/or may be read only. While volatile memory “A” may be used for control, volatile memory “B” may be isolated. Optionally, the Method of Control may be repaired by copying from one or more Master Templates all or part of the code used by the Method of Control, and/or the Method of Control can be replaced as needed with one or more copies that may be isolated and readied for use.

[0490] In one embodiment, communication with isolated volatile memory can be switched on/off to provide isolation as needed/when needed. Optionally, multiple volatile memories may be available for use and may be isolated. During a repair, communication with a volatile memory can be switched to a new volatile memory area.

[0491] In one embodiment, in order to prevent viruses or hackers from tampering with commands to activate/deactivate communication with the Internet, Intranet, or the Protected Storage, those commands may be controlled by ROM and/or an independent controller, and/or other Method of Control and may be isolated as needed. Alternatively the Method of Control may conduct such commands following a repair. In one embodiment, in order to prevent malicious code from, for example, sending a copy command a billion times instead of just once, the ROM and/or Method of Control instructions for copying may limit the number of viable requests to copy. Optionally, unreasonable requests such as requesting a copy command a billion times may trigger code that clears the process and/or clears RAM and/or runs a repair process. Limits can be placed on the number of times an event can be requested, and on other such malicious behavior.
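The request limit of [0491] (and the save-frequency limit of [0419]) as a Method of Control gate in front of copy commands, written here as an added example rather than code from the application; the window size, the burst threshold and the repair hook are assumptions, and the scenario at the end is constructed.

```python
"""Added example (not the application's own code): a Method of Control gate for copy
requests, as described in [0491] and [0419]. Limits and the repair hook are assumed."""
from collections import Counter, deque


class CopyCommandGate:
    """Accepts at most `max_per_window` copy requests per `window` seconds.

    Requests beyond that are refused ("throttled"). A run of refused requests
    reaching `burst_limit` is treated as the "copy command a billion times"
    case: the gate locks, the repair trigger is called, and the gate stays
    locked until the repair process resets it.
    """

    def __init__(self, max_per_window, window, burst_limit, on_repair, clock):
        self.max_per_window = max_per_window
        self.window = window
        self.burst_limit = burst_limit
        self.on_repair = on_repair      # repair trigger (ROM / independent controller in the text)
        self.clock = clock              # injectable time source returning seconds
        self._accepted = deque()        # timestamps of accepted copies inside the window
        self._refused = 0               # consecutive refusals since the last accepted copy
        self.locked = False
        self.log = []                   # evidence trail of refused requests

    def _prune(self, now):
        """Drop accepted timestamps that have aged out of the window."""
        while self._accepted and now - self._accepted[0] >= self.window:
            self._accepted.popleft()

    def request_copy(self, src, dst):
        """Decide on one copy request; returns 'copied', 'throttled',
        'repair-triggered' or 'locked'. The copy itself is done by the caller."""
        now = self.clock()
        if self.locked:
            return "locked"
        self._prune(now)
        if len(self._accepted) < self.max_per_window:
            self._accepted.append(now)
            self._refused = 0
            return "copied"
        self._refused += 1
        self.log.append((now, src, dst))
        if self._refused >= self.burst_limit:
            self.locked = True
            self.on_repair()
            return "repair-triggered"
        return "throttled"

    def reset_after_repair(self):
        """Called by the repair process once the Explosion Room has been repaired."""
        self.locked = False
        self._refused = 0
        self._accepted.clear()


def simulate_burst(n_requests, max_per_window=5, window=60.0, burst_limit=20):
    """Constructed scenario: a process issues `n_requests` copies within one second,
    then the repair runs, the window passes, and a normal request is made again."""
    repairs = []
    t = [1000.0]                                     # fake clock, seconds
    gate = CopyCommandGate(max_per_window, window, burst_limit,
                           on_repair=lambda: repairs.append(t[0]), clock=lambda: t[0])
    outcomes = Counter(gate.request_copy("explosion_room/doc.txt",
                                         "protected_storage/doc.txt")
                       for _ in range(n_requests))
    gate.reset_after_repair()
    t[0] += window
    after = gate.request_copy("explosion_room/doc.txt", "protected_storage/doc.txt")
    summary = {k: outcomes.get(k, 0) for k in ("copied", "throttled", "repair-triggered", "locked")}
    summary["repairs"] = len(repairs)
    summary["after_repair"] = after
    summary["refused_logged"] = len(gate.log)
    return summary
```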

[0492] In one embodiment a trigger may be used to initiate one or more of the events described herein. For example, one or more button(s) could be located at a place convenient for the user, and could be used to physically trigger the repair process; and/or switch data storage devices (for example to initiate communication with the Protected Storage and/or Master Template, and/or High Speed Master Template, and/or Protected Master Template, etc.). Optionally any other sort of trigger may be utilized such as voice commands, touch, any means of identifying a user, and/or any other known means of triggering an event and/or initiating a hardware and/or software switching process.

[0493] In another embodiment, a system of public and private “keys” may be utilized to determine the validity of instructions that should (or should not) be executed by the Control Method. This validation system could be hardware and/or software based.

[0494] An Embodiment of the Repair Process:

[0495] Overview of the Repair Process:

[0496] The repair process and how the repair process eliminates unknown viruses

[0497] The repair process consists of a process that is used to repair the computer, and/or put the computer into a state in which it is operating properly.

[0498] For example, a repair process can eliminate anything in an Explosion Room that is not identical to a Master Template by a process of comparison with and/or copying from the Master Template to the Explosion Room.

[0499] In another embodiment of the repair process, communication may be established with a new Explosion Room that may optionally utilize volatile memory, and/or shell(s), and/or ROM(s), and/or RAM disk(s), containing a copy of all and/or part of one or more master template(s). Optionally, the old Explosion Room may be deleted or repaired (i.e., by copying from the Master Template to the shell).

[0500] In one embodiment, here is an example of how the repair/anti-virus/anti-hacker process works: Consider a user who works on a document that is infected by a virus. Assume that the virus infects some of the software, the operating system, various executables, E-mail software, and hides itself in “read me” files that come with most applications. In this embodiment, when the user quits a document, the “close” or “quit” command triggers code in the Method of Control that conducts and/or initiates a sequence of events.

[0501] (Note: This code may be in ROM, an ASIC, a control system, a subsystem, an operating system, and/or elsewhere, depending on the design of that particular embodiment of the computer. In one embodiment, the code may be inaccessible to a virus or hacking software to manipulate because it may be read only, locked, and/or otherwise made unavailable to the virus and/or hacking software.)

[0502] One possible sequence of events follows (but many other sequences of events are possible).

[0503] If the user chooses to save the document it is saved (where and how it is saved is explained elsewhere in this document) and then quit. The processor may be allowed to complete processing and/or may be “cleared” or reset, RAM may be cleared or reset (optionally, a second isolated RAM that may optionally be unavailable and/or deactivated may be made available [for example communication with it can be established] and/or activated and utilized while the first RAM is cleared, but use of a second RAM is not required), and the processor and/or RAM may now be utilized in the repair process that follows (and/or a different processor and/or RAM may be utilized).

[0504] Repair of an Explosion Room

[0505] In one embodiment, all or part of one or more Master Templates is copied from its storage location to the Explosion Room. The copy process may be a partial copy, or complete copy. A comparative process may be utilized to copy and/or replace as needed data that is missing, changed, or modified. Data that is not identical to a Master Template may be removed. (Optionally the process may utilize copying, and/or comparison of data, and/or other methods described elsewhere herein such as in descriptions of how Master Templates can be used.)

[0506] In one embodiment, anything that is in the Explosion Room that is different from the Master Template may be destroyed (for example, overwritten). Any missing software or files may be replaced by copying missing items from the Master Template to the Explosion Room. Optionally, all files can be replaced by copying items from the Master Template to the Explosion Room. Files that are not identical to the Master Template may be deleted, and/or copied, for example to a data storage device (that may be isolated), and may be encrypted, and/or compressed, and/or otherwise disabled. This repair process destroys any known and unknown viruses and hacks that may have been placed into the software and/or hidden on the Explosion Room.
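The comparison-and-restore repair of [0505] and [0506], carried out over two directory trees, as an added example that is not code from the application: the Master Template, the Explosion Room and the isolated quarantine store are assumed to be plain directories, non-identical files are kept compressed and non-executable as evidence (the "compressed and/or otherwise disabled" option), and the fixture files in `demo()` are constructed.

```python
"""Added example (not the application's own code): one embodiment of the Explosion
Room repair of [0505]-[0506], run over directory trees. Paths and fixtures are assumed."""
import gzip
import hashlib
import os
import shutil
import tempfile
from pathlib import Path


def _digest(path: Path) -> str:
    """SHA-256 of a file's content; decides whether a room file is identical to the template."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def _manifest(root: Path) -> dict:
    """Relative path -> digest for every regular file under root."""
    return {p.relative_to(root).as_posix(): _digest(p) for p in root.rglob("*") if p.is_file()}


def _quarantine(src: Path, quarantine: Path, rel: str) -> Path:
    """Keep a non-identical file as evidence in a form that cannot run: gzip-compressed,
    renamed, and left read-only with no execute bit."""
    dst = quarantine / (rel.replace("/", "__") + ".gz")
    dst.parent.mkdir(parents=True, exist_ok=True)
    with src.open("rb") as fin, gzip.open(dst, "wb") as fout:
        shutil.copyfileobj(fin, fout)
    os.chmod(dst, 0o400)
    return dst


def repair_explosion_room(template, room, quarantine) -> dict:
    """Make `room` identical to `template`:
    missing files are copied in; files that differ are quarantined then overwritten;
    files absent from the template (dropped-in extras) are quarantined and removed.
    Returns a report of what was done, keyed by relative path."""
    template, room, quarantine = Path(template), Path(room), Path(quarantine)
    want, have = _manifest(template), _manifest(room)
    report = {"restored": [], "overwritten": [], "removed": [], "unchanged": []}

    for rel, digest in want.items():
        src, dst = template / rel, room / rel
        if rel not in have:
            dst.parent.mkdir(parents=True, exist_ok=True)
            shutil.copy2(src, dst)
            report["restored"].append(rel)
        elif have[rel] != digest:
            _quarantine(dst, quarantine, rel)
            shutil.copy2(src, dst)
            report["overwritten"].append(rel)
        else:
            report["unchanged"].append(rel)

    for rel in have:
        if rel not in want:
            path = room / rel
            _quarantine(path, quarantine, rel)
            path.unlink()
            report["removed"].append(rel)

    # Prune directories emptied by removals so the tree mirrors the template.
    for d in sorted((p for p in room.rglob("*") if p.is_dir()), reverse=True):
        if not any(d.iterdir()):
            d.rmdir()
    return report


def room_matches_template(template, room) -> bool:
    """True when every file in the room is identical to the template and nothing extra remains."""
    return _manifest(Path(template)) == _manifest(Path(room))


def demo() -> dict:
    """Constructed fixture: a template with two files, and a room where one file was
    modified, one is missing and one unknown file was dropped in. Returns the report."""
    base = Path(tempfile.mkdtemp(prefix="explosion-room-"))
    template, room, quarantine = base / "template", base / "room", base / "quarantine"
    files = {"app/tool.bin": b"template tool bytes", "app/readme.txt": b"clean readme\n"}
    for rel, data in files.items():
        for root in (template, room):
            p = root / rel
            p.parent.mkdir(parents=True, exist_ok=True)
            p.write_bytes(data)
    (room / "app/readme.txt").write_bytes(b"clean readme\n<constructed tampering>")  # modified
    (room / "app/tool.bin").unlink()                                                # missing
    (room / "dropper.bin").write_bytes(b"constructed extra file")                   # extra
    report = repair_explosion_room(template, room, quarantine)
    report["room_matches_template"] = room_matches_template(template, room)
    report["quarantined"] = sorted(p.name for p in quarantine.iterdir())
    shutil.rmtree(base)
    return report
```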

[0507] In another embodiment, one or more Explosion Rooms, each containing a copy of all or part of one or more Master Template(s), may be created and/or exist. Each copy of all or part of one or more Master Template(s) in an Explosion Room may be, in this example, in volatile memory, and/or a RAM disk, and/or ROM (and/or another form of data storage), which may (optionally) be created in isolation and made ready for use as needed. For example, several Explosion Rooms, each in its own volatile memory and each containing a copy of a Master Template, can be created and kept waiting, ready to be used "as needed". The Explosion Room that had been used may be deleted, and/or can be repaired as needed and/or desired. A software and/or hardware process may activate communication with a new Explosion Room in volatile memory (and/or another form of data storage) so that it is available for use by the user. While the user is using the new copy of the Master Template in the new Explosion Room, either the old Master Template in the old Explosion Room may be repaired, or another Master Template may be readied for use in a new Explosion Room. Shells may be used for Explosion Rooms.

[0508] The process of replacing "used" Explosion Rooms with new Explosion Rooms may happen so quickly that the user may not notice it, or it may take noticeable time. If noticeable time is taken, the interface may indicate to the user to wait.

[0509] Upon completion of the repair and/or replacement of the Explosion Rooms that had been in use, the user may open the next document or E-mail in an environment that is free of malicious code.

[0510] In one embodiment, prior to copying data from a Temporary Storage to a Protected Storage (or vice versa), RAM and/or the processor may be reset and/or cleared of potentially malicious code, and/or a repair can be performed on the Explosion Room to delete (and/or overwrite) and/or replace any code that is different and/or missing when compared to a Master Template, and/or the Explosion Room may be replaced by another Explosion Room. A switching and/or copying process may then be conducted by the Method of Control to turn on (or enable/activate) communication with the Protected Storage; it may copy data from a Protected Storage to the Temporary Storage, and/or may copy data from a Temporary Storage to a Protected Storage, and then turn off (disable/deactivate) communication with the Protected Storage. In one embodiment, the step of using a Temporary Storage may be omitted, and instead data can be copied directly from Protected Storage to an Explosion Room.

[0511] In one embodiment, when the user wants to select, for example, a document to work on, they may select the documents folder from a menu. Optionally, this may first trigger a repair process. Unlike computers in existence today, instructions in ROM and/or the operating system (for example) and/or other code that instructs the computer how to operate may differ from current software as follows in this example: when, for example, a user document or folder is selected, instead of opening that document/folder, a different sequence of events occurs as described herein. For example, a repair could be run if a repair had not already been run, and/or the Explosion Room could be replaced with a different Explosion Room; then communication with a Protected Storage (where the user's data is stored) could be activated so that data could be copied to a Temporary Storage and/or Explosion Room. Then the document the user selected may be copied from the Protected Storage that contains the user's data to a Temporary Storage (that can, for example, be a partition on a data storage device) and/or to an Explosion Room. Optionally, in this embodiment, separate isolated video may be used so that video of the Explosion Room cannot be captured.

[0512] In one embodiment, user data cannot execute and/or open in Protected Storage. Data can be copied to or from Protected Storage, deleted, or duplicated, but not executed and/or opened.

[0513] Note that in one embodiment, repair of an Explosion Room may also be defined as replacement of the Explosion Room with another Explosion Room. One method of achieving this is to delete the first Explosion Room and activate communication with the second Explosion Room. Alternatively, the first Explosion Room can be repaired while the second Explosion Room is in use.

[0514] Synchronized Activation and Deactivation of Communication

[0515] In order to prevent hackers from accessing users' personal data, the connection with the Internet (world wide web) may be routinely deactivated except when the user is actively sending or receiving E-mail, downloading a document, or surfing the web. A request to activate Internet and/or network communication may automatically trigger code and/or a switching process that deactivates communication with Protected Storage. A request to save to and/or access Protected Storage may automatically trigger code and/or a switching process that deactivates Internet and/or network communication. Such changes in code can be modifications (for example) to ROM, and/or the operating system, and/or other software that performs such operations. In one embodiment, in order to safeguard this process so that viruses and/or hackers cannot mimic the instructions, the code may be isolated, and/or encoded, encrypted, and/or any method of verifying and/or securing the code can be used. Optionally, isolated processing, and/or RAM, and/or control can be utilized to perform these functions. For example, an isolated controller could conduct these functions, and/or conduct any repair and security functions desired to secure this process.

[0516] Optionally, activation of Intranet access (such as communication with a local corporate network) may also be switched on and off, deactivated/activated, or enabled/disabled; it may (in one embodiment) only be accessed after a repair is conducted, and optionally may not be activated while the connection to the Internet is active. This protects the intranet from hackers, viruses and spy software. In one embodiment, two (or more) communication ports may be utilized for this purpose. Activation/deactivation of network communication may be accomplished by a hardware and/or software switching process.
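The switching rules of paragraphs [0515] and [0516], as an added example that is not part of the patent: a Method of Control that never lets the Internet path and Protected Storage be active together, and that grants intranet access only after a repair and never while the Internet is connected. The three path names, the `repaired` flag and the audit log are assumptions of this example.

```python
"""Synchronized activation/deactivation of communication paths (added example)."""


class MethodOfControl:
    def __init__(self):
        self.active = {"internet": False, "intranet": False,
                       "protected_storage": False}
        self.repaired = False   # True only while no network exposure has occurred since the last repair
        self.log = []           # switching events, kept for auditing

    def _set(self, path, on):
        if self.active[path] != on:
            self.active[path] = on
            self.log.append(f"{path}:{'on' if on else 'off'}")

    def run_repair(self):
        """Repair of the Explosion Room; the repair itself is outside this example."""
        self._set("internet", False)   # a repair always runs with the network down
        self.repaired = True
        self.log.append("repair")

    def request_internet(self):
        # A request for network communication deactivates Protected Storage
        # and the intranet first; the Explosion Room is now exposed.
        self._set("protected_storage", False)
        self._set("intranet", False)
        self._set("internet", True)
        self.repaired = False

    def request_protected_storage(self):
        # A request to access Protected Storage deactivates the network first.
        self._set("internet", False)
        self._set("intranet", False)
        self._set("protected_storage", True)

    def request_intranet(self) -> bool:
        """Intranet access is refused until a repair has run, and is never
        granted while the Internet connection is active."""
        if self.active["internet"] or not self.repaired:
            self.log.append("intranet:refused")
            return False
        self._set("intranet", True)
        return True

    def invariant_holds(self) -> bool:
        """The two exclusions the text requires, checkable at any time."""
        a = self.active
        return (not (a["internet"] and a["protected_storage"])
                and not (a["internet"] and a["intranet"]))


def scenario():
    """A constructed session: surf the web, open a document, then use the intranet."""
    moc = MethodOfControl()
    moc.request_internet()              # surfing the web
    first = moc.request_intranet()      # refused: Internet is active, no repair yet
    moc.request_protected_storage()     # opening a document drops the Internet
    moc.run_repair()
    second = moc.request_intranet()     # allowed: repaired, Internet inactive
    return first, second, moc.invariant_holds(), moc.log


if __name__ == "__main__":
    print(scenario())
```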

[0517] In another embodiment, network access can be operative while the user is working on data, and/or while the Protected Storage device is communicating with an Explosion Room. In this embodiment, a second isolated Explosion Room is utilized, optionally with isolated video, and/or I/O, etc. In this way the user can simultaneously have network access while working on documents without needing to fear that data may be accessed by hackers, or that viruses could spread to data. This Explosion Room may also access Protected Storage.

[0518] Preventing Virus Contamination When Multiple Documents are Opened; and Modification to E-mail, Internet Software, Databases, and/or Other Software

[0519] In one embodiment, to decrease the chance that unknown hacking software or viruses are spread, when the user selects a document or E-mail to open, only that one document or E-mail is opened, and all other data is safely stored on the Protected Storage so that it cannot be contaminated, hacked, copied, damaged, etc.

[0520] Exemplary Safeguards if multiple documents and/or E-mails are opened:

[0521] Optionally, in one embodiment, copies of the documents requested to be opened may be copied from the Protected Storage to Temporary Storage. After data is copied to the Temporary Storage and the user finishes working on one or more documents, documents that have been changed may be saved, but the documents that have not been modified may be automatically destroyed (for example, by the Method of Control) rather than copied back to Primary Storage.

[0522] Optionally, multiple isolated Explosion Rooms may be created. In one embodiment, each Explosion Room may have the ability to open only one document (for example, this limitation could be included in code in ROM, and/or the operating system, and/or other software). Optionally, in order to prevent the spread of viruses between documents, data may be copied between the documents as follows: a copy process is used that does not allow code to execute. For example, DMA (direct memory access), and/or an ASIC that may perform "dumb" copying (i.e., does not have the ability to execute code other than the "copy to" command), and/or encoding may be utilized to prevent execution of code during the copy process.

[0523] Optionally, a process may be run to review code prior to copying. If the code matches pre-approved strings or requirements, it may be copied. If it does not match pre-approved strings or requirements, the user may be warned that a virus may be transferred and asked if he/she wants to continue. For example, code that is equivalent to a dictionary of known words and/or punctuation may be copied, whereas other code may not be copied. Optionally, variations may be brought to a reviewer's attention to allow or deny copying of the data.

[0524] Optionally, in one embodiment, backups of all files may be kept, and if multiple files were opened within the same work area without conducting a repair first, and an unknown virus spread between the files, it is possible to use a backup copy. Please note that if a virus were to spread in such a fashion, no other files would be contaminated or damaged, and no other harm would have been done.

[0525] Optionally, in one embodiment, when the user quits one or more document(s) or E-mail, an automated process may take place, for example: the document may be saved to Temporary Storage, processing and/or RAM may be cleared, a repair may be made of the Explosion Room, optionally a backup and/or archive may be made, and the data created and/or modified by the user may be saved to Protected Storage. These steps may not take place in the order listed, and not all steps are required.

[0526] In one embodiment, whenever a request is made to open multiple documents, the code that controls the process may automatically update the current virus checker and run it. (Please note that this automated anti-virus update and run-virus-checker function can also optionally be triggered upon other events, such as updates to master templates, upon starting or completing web access, on a schedule, etc.)

[0527] Email, Databases, and Multi-Part Documents and/or Software

[0528] E-mail in-boxes and out-boxes are usually stored as large files containing many individual messages. For example, one "in-box" may contain all messages that have been sent to a user. Thus, when one E-mail is read or sent, the entire E-mail file may be at risk from a virus or hacker.

[0529] Optionally, E-mail software may be modified so that one E-mail at a time can be copied to the Temporary Storage for use. This would protect other E-mail from contamination. A repair may be run prior to opening the next E-mail.

[0530] In one embodiment, address books and/or other E-mail components could be stored in Protected Storage, and only the particular address(es) a user selects may be copied from Protected Storage to a work area for use. Thus, a virus would not have access to a user's entire address book. Optionally, updating an address book could be restricted so that a repair process must first be conducted, thus protecting the address book from contamination.

[0531] Optionally, databases and other software may store multiple files as one large file or database, just as most E-mail programs treat individual E-mails as one file. Such software may be modified so that individual files and/or discrete records can be copied to the Temporary Storage and worked on one at a time by the user, so entire databases are not put at risk. A repair may then be run prior to opening the next file or record. For example, each E-mail in an E-mail in-box could be stored as a separate file. Alternatively, the location of the data could be entered in a directory and/or database, and only that data could be copied to the Temporary Storage and/or Explosion Room, without opening any file in Protected Storage.

[0532] In one embodiment, code could prevent user data from being opened in Protected Storage.

[0533] Optionally, such changes in databases, E-mail, and other software could be made by software manufacturers. Optionally, until then, code can be utilized that could enter the E-mail file or database, extract the data which composes the user's request(s), and, when the user is done, save the data back again if it has been revised, or, if the data has not been revised, delete the copy that the user has viewed.

[0534] In another embodiment, databases and/or E-mail may be treated as follows; here E-mail is used as an example. If the user chooses to use E-mail, the E-mail program, in-box, out-box, etc. may be copied to an Explosion Room that optionally may not have a network connection activated. The E-mail program may then be opened, and, for example, the directory of folders in the in-box may be displayed to the user. However, individual E-mails are not opened in this Explosion Room. Instead, if a user selects an E-mail to open, that E-mail may be copied to a second Explosion Room (that may optionally have a network connection activated as needed), then communication with the first Explosion Room may optionally be terminated, and then the E-mail may be opened. When the user is done reading the E-mail, and for example if the user makes a response to the E-mail, the copy of the response may then be copied back to the first Explosion Room and stored in the E-mail out (or sent) box, and then the in-box, out-box, and/or address book may be copied back to Protected Storage when the user is done interacting with E-mail in this manner. This same technique of copying a database to one Explosion Room and opening a file and/or a limited part of the data in a second Explosion Room can be used for databases and/or other software.

[0535] In one embodiment, E-mail and/or databases may be copied from the Protected Storage Area to an Explosion Room and/or other data storage device, and one (or more, in some cases) E-mail or file(s) can be opened to work on. Only that one E-mail (or database file) can be opened and worked on, and the rest of the E-mail and/or database can be deleted (because it still resides on the Protected Storage Device).

[0536] In another embodiment, for example, the entire E-mail database can be opened, one E-mail checked, and on completion of checking that one E-mail the entire database can be deleted from the Protected Storage Device, copied again from the Protected Storage Area, and the next E-mail can be read. Alternatively, only the parts of the database that are modified and/or changed can be deleted. An E-mail response and/or the start of a new E-mail letter could be excluded from the deletion process and may be saved. (Information such as deletion and/or creation of E-mail and/or database information, and/or other software information, responses to E-mail, etc. may be stored in a file and/or database, and optionally that database may be saved to Protected Storage to be used as needed.)

[0537] Further Description About Temporary Storage Areas

[0538] In one embodiment, the Temporary Storage Area may be "repaired" by deleting files on it, and then, for example, the one (or more) file(s) being worked on can be saved from the Explosion Room back to the Temporary Storage Area, to be then saved to the Protected Storage Area. The sequence of events does not need to happen in this order.

[0539] In one embodiment, no Temporary Storage Area is used; instead, the repair process and/or Method of Control may keep track of the file(s) that is/are being worked on and/or utilized in the Explosion Room, and omit deleting those file(s) during the repair process. A database and/or file and/or directory may be used for this purpose.

[0540] Additional Aspects and Embodiments

[0541] Optionally, Internet surfing software, and/or E-mail, and/or other software may have their own isolated Explosion Rooms so that a user may work on documents and surf or check E-mail without cross-contamination. Optionally, a switching process can be used to switch back and forth between these isolated areas, and/or activate/deactivate communication with Explosion Rooms. In another embodiment, two or more Explosion Rooms may be active simultaneously, but may optionally be isolated until such time as it is safe to establish communication (for example, until repairs have been conducted, and/or a method of communication is used that does not risk the spread of a virus).

[0542] In one embodiment, communication between Explosion Rooms and/or Temporary Storage, and/or Protected Storage, and/or other Explosion Rooms may take place without a repair first being conducted, and without risking hacking and/or the spread of a virus. This may be accomplished as follows: decisions pertaining to copying data, deleting data, movement of data, etc. from one data storage to another would take place using a copy process that is controlled by a Method of Control that is independent of the aforementioned areas; thus this code cannot be affected by a virus. Additionally, optionally, the communication process may utilize a copy process that does not allow code to execute.

[0543] In one embodiment, the work areas can be viewed and/or interacted with as independent and isolated video layers. Optionally, each area could utilize isolated RAM and/or processing, and/or RAM and/or processing could be shared between the isolated sides and cleared before switching takes place.

[0544] Optionally, bookmarks and favorites, user preferences, and other software may be stored on a Protected Storage when not in use, thus protecting such items from possible contamination and/or hacking. Optionally, to accomplish this, a database, and/or file, and/or directory may be created that contains a list of the associated files that must be copied from Protected Storage during use of an application and/or other software. Additionally, a list may contain directions and/or locations that data must be copied to in the Explosion Room. Then, for example, on quitting the software, a database and/or directory may be consulted for what to copy back to Protected Storage, and the location(s) where data is to be stored in Protected Storage. For example, if the user selects Netscape to open, then the Method of Control may check a directory of what needs to be copied from Protected Storage to an Explosion Room, where those files are located, and where they need to be copied in the Explosion Room. Files such as Netscape bookmarks, user data, etc. may thus be copied to the proper locations in a copy of all or part of a Master Template located in the Explosion Room. Then, when the user quits using the software, optionally a directory may be consulted listing files to copy and/or the locations where to copy files to the Protected Storage.

[0545] In one embodiment, rather than replacing the prior saved versions of files, the older files may be retained. For example, when the updated Netscape bookmarks and user data are copied back to Protected Storage, they may not replace the previous version of the Netscape bookmarks and history. Thus, the next time the data is used, if it is corrupt and does not operate properly, the Method of Control and/or user may run a repair and switch back to using a prior version of the data. Optionally, files associated with the corrupt data may also be referenced in a directory and may not be used and/or may be tested for a virus. In this example, the next time Netscape is opened, a prior version of the bookmarks and user data may be copied from Protected Storage to the Explosion Room. Optionally, code may be modified to automate the process of reverting to a prior version of the software automatically if files malfunction. For example, if Netscape bookmarks failed to open properly, the Method of Control may automatically run a repair (or switch to a different Explosion Room) and switch to using a prior version of the data; thus an earlier version of the Netscape bookmarks and possibly the associated files (user data, for example) could be copied to the Explosion Room for use.
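The manifest-driven copy-in/copy-out of paragraph [0544] together with the retained-versions and automatic revert of paragraph [0545], as an added example that is not part of the patent. It models Protected Storage and the Explosion Room as in-memory dicts, assumes a constructed manifest for "netscape" (the paths are invented), and assumes a caller-supplied validator decides whether a file is "corrupt".

```python
"""Copy-in/copy-out by manifest, with prior versions retained (added example)."""

# Constructed manifest: for each application, the files to bring in, as
# (path in Protected Storage, destination in the Explosion Room).
MANIFEST = {
    "netscape": [
        ("users/alice/netscape/bookmarks.html", "apps/netscape/bookmarks.html"),
        ("users/alice/netscape/prefs.js", "apps/netscape/prefs.js"),
    ],
}


class ProtectedStorage:
    """Keeps every saved version of a file, oldest first, and never overwrites."""

    def __init__(self):
        self.versions = {}

    def save(self, path, data):
        self.versions.setdefault(path, []).append(data)

    def latest(self, path):
        return self.versions[path][-1]

    def revert(self, path):
        """Drop the newest version so the prior one becomes current.
        Returns False when there is no prior version to fall back to."""
        if len(self.versions[path]) > 1:
            self.versions[path].pop()
            return True
        return False


class MethodOfControl:
    def __init__(self, storage):
        self.storage = storage

    def copy_in(self, app, room, validator=lambda path, data: True):
        """Consult the manifest and copy the app's files into the room.
        A file the validator rejects is reverted to its prior version before
        it is used; the paths reverted are returned so they can be recorded."""
        reverted = []
        for src, dst in MANIFEST[app]:
            data = self.storage.latest(src)
            if not validator(src, data) and self.storage.revert(src):
                data = self.storage.latest(src)
                reverted.append(src)
            room[dst] = data
        return reverted

    def copy_out(self, app, room):
        """On quit, store changed files as new versions and clear them from
        the room; unchanged copies are simply discarded."""
        saved = []
        for src, dst in MANIFEST[app]:
            data = room.pop(dst, None)
            if data is not None and data != self.storage.latest(src):
                self.storage.save(src, data)
                saved.append(src)
        return saved


def bookmarks_ok(path, data):
    """Constructed validator: a bookmarks file must start with its doctype line."""
    return not path.endswith("bookmarks.html") or data.startswith(b"<!DOCTYPE")


def scenario():
    """Two sessions: the first saves a corrupted bookmarks file, the second
    rejects it on copy-in and falls back to the retained prior version."""
    ps = ProtectedStorage()
    ps.save("users/alice/netscape/bookmarks.html", b"<!DOCTYPE NETSCAPE-Bookmark-file-1>")
    ps.save("users/alice/netscape/prefs.js", b'user_pref("browser.startup.page", 1);')
    moc = MethodOfControl(ps)

    room = {}
    moc.copy_in("netscape", room, bookmarks_ok)
    room["apps/netscape/bookmarks.html"] = b"\x00\x00garbage"   # session corrupts it
    saved = moc.copy_out("netscape", room)                       # stored as version 2

    room = {}
    reverted = moc.copy_in("netscape", room, bookmarks_ok)       # v2 fails, v1 used
    return saved, reverted, room["apps/netscape/bookmarks.html"], ps


if __name__ == "__main__":
    print(scenario()[:3])
```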

[0546] Optionally, on a schedule (for example, hourly) the Method of Control may, for example, activate a connection with an Explosion Room, automatically check to see if there is a new virus checker available, and if so, download the virus checker, disconnect network communication, run a repair, activate communication with the Explosion Room(s) and/or Protected Storage(s), and run the virus checker. Optionally, the virus check may also be run on all downloads. In this example, events need to happen in the order listed.

[0547] In one embodiment, multiple independent Explosion Rooms can be utilized, and each may (optionally) have its own volatile memory and/or RAM disk, and/or RAM, and/or shell, and/or other form of data storage, and may have associated processing, and/or RAM, and/or ROM, and/or I/O, and/or video, and/or computing. In one embodiment, during execution of user data the Explosion Room may be isolated, whereas following a repair, communication may be established, for example, with Protected Storage or a network connection.

[0548] Rather than repairing a copy of a template in an Explosion Room, the Explosion Room can be deleted and the next Explosion Room can be utilized. Thus, no repair time is required. For example, when a document is quit, instead of running a repair, the Self Repairing User Work Area may be deleted or "removed from service" for repair, and a new and/or repaired Explosion Room may be utilized. Alternatively, multiple shells may be utilized, and the entire contents of the shell can be deleted and the next shell used. Multiple shells and/or RAM and/or Explosion Rooms in volatile memory can be created and made ready for use as needed. These shells and/or RAM disks and/or Explosion Rooms in volatile memory may be isolated from each other to prevent cross-contamination.

[0549] In one embodiment, although an Explosion Room may be isolated from the user, it may have communication with a repair template and undergo a repair process, and/or a process of creation of a new copy of all or part of one or more Master Template(s).

[0550] In one embodiment, a secondary comparison can be run after the repair to make sure that no viruses or other software has somehow survived the repair process. In the event that anything did survive, optionally the entire contents of the RAM disk can be deleted and re-created from scratch from the read-only Protected Master Template Partition.

[0551] In one embodiment, data may be transferred between the Protected Storage and the Temporary Storage by using a process that prevents execution of data during the copy process. This may be achieved, for example, by direct memory access, and/or a process of encoding data, and/or use of a specialized ASIC that may, for example, perform "dumb" copying, and/or any other method of copying that does not allow the data being copied to execute.

[0552] In one embodiment, only the software the user needs to use at the moment (optionally including an operating system) is copied into the Explosion Room. Thus, the repair process may run more quickly because there is much less data to compare and/or copy during the repair process than if all of the applications, utilities, games, and Internet software were loaded into the Explosion Room.

[0553] Alternatively, in a different embodiment, one or more set(s) of software frequently used by the user(s) can be loaded into Explosion Rooms. Optionally, other software, for example less used software, can be copied into the Explosion Room(s) only as needed.

[0554] Any number of Explosion Rooms may be created containing any mix-and-match combinations of software and/or copies of all or part of templates. Some Explosion Rooms may contain one set of software, whereas other Explosion Rooms may contain identical and/or other sets of software. Optionally, Explosion Rooms may be held in a state that is isolated from the Explosion Room then in use, so they are protected from viruses and hacks. Communication with one or more of them may be established as needed.

[0555] In one embodiment, when an application is needed, if the Explosion Room that is in use does not contain the desired software, the software needed may be copied from a Master Template. Thus, for example, code could check to see if software is located in an Explosion Room and, if not, search a database and/or directory and/or file of master template(s) and/or their contents for the software needed.

[0556] Optionally, for example, two or more Explosion Rooms can be created: one that, for example, has a complete Master Template, and another that, for example, contains only an abbreviated set of frequently used applications and the operating system. Optionally, when software is needed, if the Explosion Room does not contain the software, the required software may be added to the Explosion Room by copying it from a Master Template that may, for example, contain the full set of the user's software and may optionally contain an operating system.

[0557] Optionally, if the software needed is not contained in an Explosion Room, communication with a second Explosion Room, which may contain, for example, the full set of the user's applications and operating system, can be established and the program can be opened.

[0558] In one embodiment, prior to copying from Protected Storage to the Explosion Room, a repair may be run to eliminate all viruses and hacking software; then communication between Protected Storage and the Explosion Room may be established, the data may be copied from Protected Storage to the Explosion Room, and communication between the Explosion Room and Protected Storage may be terminated. Optionally, if RAM(s), RAM disk(s), ROM, shells, and/or other data storage device(s) are used as multiple Explosion Rooms, new Explosion Rooms may be generated in advance containing the software needed by the user. Events do not necessarily need to take place in this order.

[0559] Optionally, an Explosion Room can be switched from read-only to read-write and/or from locked to unlocked as needed for communication.

[0560] In one embodiment, the Protected Storage(s) and/or the Explosion Room(s) can be run as sub-system(s).

[0561] Optionally, a control system and/or Method of Control (that may contain an operating system) can be run as an isolated and/or read-only primary system, and the Explosion Room can be run as sub-system(s). Optionally, a Method of Control can run as a sub-system.

[0562] In one embodiment, a system used to catch hackers and cyber-terrorists can be included as follows:

[0563] Explosion Room(s), and/or partition(s), and/or data storage device(s) may be included that contain information that hackers/cyber-terrorists could see over a network, but that is not visible to the computer user and/or may be isolated from the user. The Explosion Room(s) may contain what appears to be tantalizing user data, passwords, etc. The Explosion Rooms could also contain what appears to be security software, but such software may be designed to be intentionally "hackable". The Explosion Room(s) may contain software that, when copied and/or accessed without proper identification, sends out information (for example, to law enforcement authorities) providing pertinent information such as its location, the user's e-mail address, Internet service provider settings, and other relevant information. Herein, data storage devices, partitions, and/or software used for this purpose may be referred to as an Anti-Theft/Anti-Cyber-terrorist System. In one embodiment, when network communication is deactivated for the Explosion Room(s) in use, communication may be kept active with an Anti-Theft/Anti-Cyber-terrorist System.

[0564] Optionally, a means of identifying the computer user can be used (i.e., password, retina scan, thumbprint, voice ID, etc.), and if the user identity is not correct, an Anti-Theft/Anti-Cyber-terrorist partition and/or Explosion Room may be made available to the user, and the Protected Data may be locked, and/or encrypted, and/or made unavailable, and/or destroyed. Optionally, while the unauthorized user is accessing the bogus files on the Anti-Theft data storage device, and/or partition, and/or Explosion Room, an alert can be sent out over the network and/or phone system to authorities.

[0565] Optionally, the repair process and/or Method of Control could back up data, reboot the computer to a working startup data storage device, reformat data storage devices as needed, and copy data back as needed. Optionally, the repair process may utilize a dedicated controller and code to perform these processes.

[0566] Optionally, prior to activating network communication, some or all E-mail to be sent can be encrypted. Optionally, a repair can be conducted which would eliminate keystroke recorders and other malicious code. These steps could make it more difficult for a hacker to gain access to the data over a network.

[0567] In one embodiment, the Method of Control could make partitions visible and/or invisible. Optionally, visibility of partitions can be password protected, hardware switched, or changed by other means that cannot be tampered with by software. The Method of Control can be isolated as needed, for example isolated from an Explosion Room during the time that user data is executed. The Method of Control may have an isolated video signal. Optionally, the video signal may overlay one or more other video signals on the monitor in an isolated manner, so that video data cannot be hacked into (for example, from a network and/or from code executed in an Explosion Room). Optionally, the ability to take a snapshot and/or access both video signals (the primary and/or the secondary and/or others) can be disabled.

[0568] Optionally, in one embodiment, Protected Storage can be read-only and/or locked until the Method of Control receives a command to move data to an Explosion Room. Thus, in this example, if a user selects a document in the Protected Storage to open, code (that may, for example, be instructions in ROM and/or an operating system) could instruct the Method of Control to conduct a repair. Then, following a repair, the Method of Control could switch Protected Storage to read-write and/or unlocked. Data can be copied from the Protected Storage to the Temporary Storage and/or Explosion Room. These events may take place in another order, may contain additional and/or other steps, and/or may not contain some of these steps.

[0569] Optionally, one or more operating systems used by the computer may be located on one or more Self Repairing User Work Area(s), and/or isolated data storage device(s), and/or subsystem(s), and/or across a network, or elsewhere.

[0570] Optionally, if an operating system and/or data storage device format is damaged, and/or other damage occurs that prevents the computer from operating properly, a secondary system can be utilized to operate the computer and/or conduct and/or initiate the repair process. The first system may be repaired/replaced as needed.

[0571] Optionally, one or more copies of master templates and/or operating systems can be readied in isolation, and when needed, communication can be activated with them and deactivated with the one(s) that had been in use (or the one(s) that had been in use can be deleted and/or deactivated and/or disabled).

[0572] In one embodiment, one or more primary operating system(s) can be used to run one or more secondary operating systems. Optionally, an Explosion Room may contain secondary operating systems.

[0573] Optionally, the primary operating system(s) could be read-only, and/or use protected processing and/or protected memory, and/or be isolated from Explosion Rooms that are in use.

[0574] Optionally, the primary operating system could run the general operations of the computer in an isolated and/or independent manner that protects the basic operation of the computer. Optionally, the primary operating system could also be used as a control system for the secondary systems, and/or a separate control system could be utilized.

[0575] Optionally, Explosion Rooms may run primary and/or secondaryand/or additional operating systems.

[0576] Optionally multiple Explosion Rooms may operate simultaneously,so that if one “crashes” and/or is quit and/or closed, and/or no longerneeded, another Explosion Room is ready to take the place of theExplosion Room that was in use. For example, the Method of Control mayswitch to a secondary Explosion Room, and/or activate communication witha secondary Explosion Room.

[0577] The user(s) and/or software may interact with one or moreExplosion Room(s) at a time. Optionally, these Explosion Rooms may beisolated during execution of user data, but following arepair/replacement communication could be established with the WorkArea(s).

[0578] In another embodiment, Explosion Rooms would be unable tocommunicate. Instead a Method of Control would copy data between theExplosion Room(s), Protected Storage, and/or other locations. Thus, forexample, a virus could never send a command to copy itself to aProtected Storage. Instead, for example, the Method of Control couldcopy data to protected storage when the data was saved and/or quit. Inone embodiment, in order to accomplish this, the method of control mayfor example check a file, and/or database, and or directory, todetermine which files had been copied from Protected Storage to theExplosion Room, and which new files had been created by the user.Optionally, in the event that one or more new files were created in anExplosion Room, the Method of Control may confirm with the user that thefiles should be saved to protected storage and/or Temporary Storage.

[0579] In one embodiment, code associated with Protected Storage may notpermit data to execute and/or may not support execution of data inProtected Storage) Thus, in this embodiment, no user data can execute inProtected Storage. Optionally, communication with Protected Storage maynever be established with an Explosion Room prior to a repair, and priorto a new network connection with that Explosion Room, and/or prior tothe opening of any user document. Thus, Protected Storage is imperviousto hacking, and the execution of viruses.

[0580] In one embodiment, secondary operating system(s) may utilize protected and/or unprotected memory and/or processing. In the event that protected memory is utilized, one or more of the secondary operating systems may be isolated from each other. Thus, when one system crashes, and/or is no longer to be utilized, the computer may switch to another secondary isolated and/or protected operating system.

[0581] In one embodiment, Explosion Rooms may each be identical to each other, and/or may have differences from each other, and/or act as “time delayed” mirrors. In one embodiment secondary Explosion Rooms may be identical, but keystrokes and/or input may be sent to multiple Explosion Rooms in a delayed manner. Thus, some Explosion Rooms may be time delayed so that if an Explosion Room crashed, the control system could switch to a time delayed Explosion Room.

[0582] Optionally the user could be warned not to do what they had done, in order to avoid a crash. Optionally, if the computer crashes again, the control operating system could switch to an even more time delayed Explosion Room, hoping to avoid the sequence of events that caused the crash. Optionally, as needed, the control system could switch to successively older Explosion Rooms until a crash is successfully avoided. Optionally, in the event of a crash, data in volatile memory may optionally be saved to non-volatile memory.

[0583] In one embodiment the Method of Control may utilize a process watcher and/or crash detection system to determine whether to switch to secondary system Explosion Rooms, and optionally may diagnose problems so that problems may be avoided when switching to successively older Explosion Rooms.

[0584] Optionally, when an Explosion Room crashes and/or is closed and/or quit and/or is no longer needed, some or all of the contents of volatile memory that is associated with it may be kept to use with subsequent Explosion Rooms, and/or may be deleted. Optionally, the control system could delete and/or clear, and/or replace, and/or modify and/or repair the contents of volatile memory.

[0585] Optionally, in one embodiment a control system could utilize one or more RAM disks, and/or ROM, and/or RAM, and/or volatile memory and/or shells, and/or other data storage devices and associated processing and/or memory. The control system could be replaced as needed by switching to a secondary control system. A secondary control system can watch a first control system for malfunctions and switch it as needed. Optionally, a process watcher may be utilized for this purpose. Optionally, a control system can function in a manner similar to an Explosion Room, and/or may utilize an Explosion Room.

[0586] In one embodiment, data in volatile memory may be copied, and/or saved, and/or backed up to another memory area and/or logic control device prior to executing a command. Successive backups of data prior to execution of commands may be stored. Then, when a command is executed, and if a problem such as a freeze occurs, a new secondary system and/or secondary Self Repairing User Work Area can be used, and/or optionally backups of volatile memory may be loaded into volatile memory. This may provide a good copy of volatile memory for use. If a problem or freeze occurred again, an older version of the saved volatile memory may be utilized. Optionally user(s) may be notified of the problem and asked to change what they input, and/or how they input data, and/or other behavior. Optionally a process watcher and/or error detection system may be used to identify problems. Optionally, when a secondary Explosion Room is used, the Method of Control may choose to utilize an earlier backup of volatile memory, and/or command the secondary system to treat the data differently to avoid a crash.
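As an added illustration of the backup-before-command scheme in [0581]-[0586] (example code written for this page, not part of the patent): a small Method of Control that snapshots volatile memory before each command, and on a freeze reported by a simulated process watcher falls back to successively older snapshots, saving each crashed image to non-volatile memory. The MethodOfControl class, the Freeze signal and the commands are this example's own constructions.

```python
from dataclasses import dataclass, field
from typing import Callable, Dict, List

Memory = Dict[str, list]   # constructed stand-in for the Explosion Room's volatile memory


class Freeze(Exception):
    """Raised by the (simulated) process watcher when a command hangs or crashes."""


@dataclass
class MethodOfControl:
    memory: Memory = field(default_factory=lambda: {"buffer": []})
    snapshots: List[Memory] = field(default_factory=list)    # oldest first ([0586])
    max_snapshots: int = 8
    nonvolatile: List[Memory] = field(default_factory=list)  # crash images saved on freeze ([0582])
    log: List[str] = field(default_factory=list)

    @staticmethod
    def _copy(m: Memory) -> Memory:
        return {k: list(v) for k, v in m.items()}

    def execute(self, name: str, command: Callable[[Memory], None]) -> bool:
        """Back up volatile memory, run the command, and on a freeze fall back to
        successively older backups, the 'time delayed mirrors' of [0581]-[0582]."""
        self.snapshots.append(self._copy(self.memory))
        del self.snapshots[:-self.max_snapshots]
        # snapshots[-1] was taken just now, so age 0 is the ordinary run.
        for age in range(len(self.snapshots)):
            candidate = self._copy(self.snapshots[-1 - age])
            try:
                command(candidate)
            except Freeze:
                self.nonvolatile.append(self._copy(candidate))
                self.log.append(f"{name}: froze using the backup {age} command(s) old")
                continue
            self.memory = candidate
            if age:
                # Drop the newer backups: they led to the crash and are no longer safe history.
                del self.snapshots[len(self.snapshots) - age:]
                self.log.append(f"{name}: recovered from the backup {age} command(s) old; "
                                "user warned not to repeat the preceding input")
            return True
        # No backup avoided the crash: restore the latest one and ask the user to change input.
        self.memory = self._copy(self.snapshots[-1])
        self.log.append(f"{name}: no backup avoided the crash; user asked to change input")
        return False


def type_char(c: str) -> Callable[[Memory], None]:
    def cmd(mem: Memory) -> None:
        mem["buffer"].append(c)
    return cmd


def paste(text: str) -> Callable[[Memory], None]:
    # Constructed fault: the paste handler hangs once the buffer holds more than 3 items.
    def cmd(mem: Memory) -> None:
        if len(mem["buffer"]) > 3:
            raise Freeze("paste handler hung")
        mem["buffer"].extend(text)
    return cmd


def hang(mem: Memory) -> None:
    """Constructed command that freezes regardless of state."""
    raise Freeze("hung")


def demo() -> MethodOfControl:
    """Four keystrokes then a paste that hangs; the fourth keystroke is sacrificed."""
    moc = MethodOfControl()
    for c in "abcd":
        moc.execute(f"type {c}", type_char(c))
    moc.execute("paste", paste("XY"))
    return moc
```

The recovery loses the input that preceded the freeze, which is exactly the trade-off [0582] describes: an older state is chosen over the sequence of events that caused the crash.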

[0587] In one embodiment, a method of control could conduct the copying and/or backup process, so that it could not be influenced by malicious code in an Explosion Room.

[0588] In one embodiment an isolated primary operating system could be used to run the basic operations of the computer, and secondary operating systems could be used as Explosion Rooms.

[0589] References to volatile and/or non-volatile data storage devices are examples only. Herein, any form of data storage device can be used . . . data storage devices can be mixed and matched as desired. Please also note that data storage devices can consist of hardware, and/or software, and/or a combination of both. All hardware devices and functions can be performed by software and/or “virtual hardware” as desired.

[0590] Example of One Particular Embodiment:

[0591] Here are some highlights of the concepts in this example:

[0592] The user normally does work (or interacts with programs) utilizing an Explosion Room that (until a repair has run) is isolated from the data storage device where the user data (E-mail, documents, etc.) is stored (Protected Storage). Following a repair, communication with the Explosion Room may be established.

[0593] The only document that is copied to the Explosion Room is that document (or in some cases documents) that the user is going to work on in that session. (A session is a period of computer use until a repair on the Explosion Room is performed.) No other user data is accessible; no other data is copied to the user work area.

[0594] Thus if a virus were to trigger, or if hacker software was present, the virus or hacking software would ONLY have access to the document(s) the user was then working on, typically only one document.

[0595] Optionally, each time that the user quits a document it is saved to the Protected Storage. Optionally, a method of copying may be utilized in which data cannot execute.

[0596] In one embodiment, each time that the user quits a document the Explosion Room may be repaired in a manner that deletes all known and unknown viruses and hacking software.

[0597] Optionally, this repair may be performed using one or more methods. For example a Master Template can be used to make the Explosion Room identical to some or all of one or more Master Templates. All data that is missing, modified, or changed may be replaced by copying data from the Master Template.

[0598] Optionally, another method of performing the repair, for example, is to prepare multiple Explosion Rooms in isolation. These Explosion Rooms could be in the form of RAM disks, RAM, shells, volatile memory, or other data storage and may have associated RAM, and/or processing, and/or computing, and could contain copies of all or part of one or more master templates. Isolation could be created for example by activating and/or deactivating communication to switch an Explosion Room from being an isolated backup to being the current Explosion Room.

[0599] Tracking Data:

[0600] In one embodiment, information pertaining to files, folders, data, databases, directories, location, size, date of modification, and/or other information may be stored in isolation from the Explosion Room. For example, this data may contain information pertaining to what E-mails a user has opened or sent, the contents of the user's “In” box and “Out” box, what file(s) have been copied to the Explosion Room, what file(s) need to be copied back to the Explosion Room, where files should be saved to, etc. This data may be stored in one or more memory areas, that may be isolated, and/or may be stored in, for example, a Protected Storage area, and/or stored as part of data used by the Method of Control, and/or stored on any data storage device.

[0601] In a typical computer, files and/or data that are normally stored on a hard drive and/or in an operating system may get updated or changed during use of the computer . . . for example on a Macintosh computer, the desktop database may be updated. In one embodiment, unlike a computer of the prior art, updated files may be stored to a protected and/or isolated storage device, such as, for example, Protected Storage, and/or storage used by the method of control. These and other files may optionally be copied into and from protected and/or isolated storage as desirable, and/or some and/or all of their data may be saved to protected storage. Thus, to avoid destruction of these files they may optionally be saved and not destroyed by the repair process. They may also be recreated as needed. For example, optionally, a desktop database may be created when a new Explosion Room containing copies of all and/or part of one or more Master Templates is created.

[0602] Optionally, in one embodiment, in the event that one or more unanticipated and/or unidentified files appear in the Temporary Storage Area (for example one or more files that do not appear in a protected database of information pertaining to what data should be in the Temporary Storage Area), the code, for example, in the Method of Control and/or operating system, and/or ROM may draw such files to the attention of the user. The user may be given the option of destroying and/or saving the file(s), and/or marking the file(s) to indicate that the file(s) is/are in some way questionable, and/or may need further inspection and/or validation. In another embodiment the unidentified files may be deleted and/or saved to a data storage device and/or marked for further inspection, and/or may be automatically and/or manually sent somewhere for further examination, for example to a network administrator and/or a virus inspection entity.

[0603] In one embodiment, a “typical” computer may be modified as follows:

[0604] In one embodiment, a Protected Master Template on a non-volatile data storage device is used as needed to repair a locked or read only High Speed Master Template in volatile memory. For example, imagine that it was decided to place a Protected Master Template on a non-volatile data storage device, but to place a High Speed Master Template on a volatile data storage device.

[0605] Optionally, the Protected Master Template may be locked and/or read only. Optionally, the Protected Master Template may be usually powered off, or put in sleep mode. Optionally, a switching process controlled by a Method of Control may be used to perform the functions of switching power to the Protected Master Template, and/or lock/unlock, and/or make read/write data storage devices as needed. Optionally, code in ROM and/or on the hard drive controller and/or the Method of Control may be modified to support this process.

[0606] In one embodiment a “typical” computer is modified as follows:

[0607] An Explosion Room is included, a means of repairing and/or replacing the Explosion Room via copying from a master template, a means of resetting, and/or clearing, and/or erasing RAM, and/or volatile memory, a means of resetting, and/or clearing, and/or erasing Temporary Storage, a means of unlocking and/or locking and/or making read only and/or read write data storage device(s), a means of switching communication with Data Storage Device(s), and/or a means of protecting data on storage devices which may be housed within a computer system and/or externally.

[0608] In one embodiment Protected Storage(s) is/are normally made inaccessible by any means prior to a repair process, for example when user data is being executed, when user data has been executed and prior to a repair, or when a network connection has been made and prior to a repair. For example, in one embodiment Data Storage Device(s) could be switched to read only; switched off; switched inactive; could have communication deactivated; etc.

[0609] In one embodiment one or more temporary Data Storage Device(s) may be used to temporarily store data and/or may act as scratch disk(s) and/or may be utilized by applications, software, programs, and/or the operating system as needed. This temporary Data Storage Device may consist of volatile and/or non-volatile memory.

[0610] Optionally, a copy of a template may be stored on a temporary storage device and/or other Data Storage Device(s). This template copy may contain applications and/or software needed by the user, and/or repair software, and/or one or more operating systems, and other software as desired.

[0611] In one embodiment, one or more Data Storage Device(s) may be hardware and/or software switched between read only and read/write modes and/or locked and/or unlocked mode, and/or accessible and/or inaccessible mode. In one example, a user may open a file from a read only Data Storage Device, do work on the file, and when the user saves the file it is saved to a temporary storage area. Optionally, on closing some or all files, logic and/or the Method of Control may perform one or more of the following steps: clear and/or reset RAM, clear/reset processor, and/or make one or more data storage devices unlocked and/or locked, and/or read/write and/or read only, move data from temporary storage to Data Storage Device, close/lock/make read only one or more data storage device(s), optionally clear/reset temporary storage area, (optionally run repair process), wait for next user command. In one embodiment, Temporary Storage may consist of volatile and/or non-volatile memory. In one example: random access memory and/or flash ROM, and/or other data storage may be used.

[0612] In one embodiment, to copy data between documents, data to copy may be loaded into one or more specific address(es) in RAM and/or volatile memory. When receiving a paste command the data may be communicated by use of a copy process that does not allow data to execute.

[0613] In one embodiment the Method of Control may control the process of locking and/or unlocking and/or making read only one or more Data Storage Device areas. Optionally Method of Control functions may be performed by the primary logic used by the computing device, and optionally may be performed in an isolated manner. Optionally, the method of control could be switched between read only and read/write as needed, and/or communication with it could be restricted, for example to after a repair process had run.

[0614] In one embodiment, prior to running a repair (and/or other criteria may be used), the Protected Storage area may be locked and/or read only.

[0615] Associated data may be associated with a particular file by using a database of associated files and/or data, and/or by any method of associating data with a file.

[0616] In one embodiment a repair may be run after one or more transactions. In one embodiment a new Explosion Room may be used after one or more transactions. In one embodiment, an Explosion Room can be used as a master template.

[0617] In another embodiment, a Method of Control and/or for example ROM, may suspend and/or discontinue all processing of data in an Explosion Room. Then, a clean operating system (not the one that had been in use in the Explosion Room) and code for copying data may be used to copy data. For example, while processing is suspended in the Work Area, a separate memory such as for example ROM and/or a Method of Control can be used to perform such functions as enabling communication with Protected Storage and/or copying data to and/or from Protected Storage, and/or enabling other operations with a second Explosion Room, for example allowing another Explosion Room to conduct a process, such as checking E-mail. Then, the Method of Control may suspend activity of the second Explosion Room and let a third and/or the first Explosion Room continue processing data.

[0618] In one embodiment, a Method of Control may “referee” in which Explosion Room(s) data is being processed, and/or which are utilizing RAM, and/or utilizing computing ability. The Method of Control may switch back and forth between giving the right to use computing and/or processing to different Explosion Rooms depending on a variety of criteria. For example, if the user is working in one Explosion Room on a word processing document, and then suddenly selects the E-mail software, processing may be suspended for the Explosion Room that has the word processing document open, and activated for an Explosion Room containing E-mail software. Then, the user may type part of an E-mail, and then select the word processing document again. Then, for example, the Method of Control may suspend processing for the Explosion Room containing E-mail software and activate processing for the Explosion Room containing the word processing document.

[0619] In one embodiment, although files may not be opened in Protected Storage, they may be, for example but not limited to: copied, moved, deleted, flagged, backed up, archived, and other such functions. Optionally, additional data storage devices and/or backup and/or archive data storage devices may be attached and/or in communication with Protected Storage. In this case, files may be copied, and/or backed up, and/or archived to and/or from such data storage devices. In one embodiment, in the event that such data storage is across a network and/or may pose a risk to Protected Storage, rather than directly connecting such possibly risky devices to the Protected Storage, they may be connected to an Explosion Room, and, optionally following a repair, data may be copied from Protected Storage to an Explosion Room, and then from the Explosion Room to the network attached storage and/or other potentially risky attached and/or other device that may be in communication with the Explosion Room.

[0620] In one embodiment, network communication may be disabled except when the user is actively receiving or sending E-mail, surfing the web, downloading/uploading a document, and/or requiring other network access.

[0621] Optionally, when network communication is enabled, communication may be disabled between the Protected Storage and the Explosion Room connected to the network.

[0622] Using these techniques, a hacker who is attempting to break into the computer from the network only has the opportunity to hack during a very limited time, and during that time has no access to the user's data located on the protected hard disk. Optionally, the rest of the time the hacker could only view and/or hack into the optional Anti-Theft, Anti-cyber terrorist Explosion Room.

[0623] In one embodiment, assume for example that a document received by the user and saved to the protected hard disk was infected with malicious code. It doesn't matter that the document is infected because: 1) when the user had the infected document open the virus was unable to access the user data to damage or infect it, because the user data is stored in Protected Storage that is “protected”, for example the power may be turned off, and/or the communications link is toggled “off”; 2) the malicious code was unable to permanently damage the system software or applications thanks to the repair process; 3) a method of copying the data is used that prevents the unknown virus from executing; and 4) while in Protected Storage, the malicious code is unable to cause damage because it cannot be opened and/or executed in Protected Storage, because code associated with protected storage may not enable opening of data. In this manner known and unknown viruses and unknown hacking software are made impotent.

[0624] Optionally, changes to bookmarks/favorites, and other changes may be auto saved to Temporary and/or Protected Storage.

[0625] In one embodiment, this is an example of one possible dialog when the button is pushed:

[0626] “A fast (1-3 minutes) repair will start in 20 seconds.

[0627] Push button again to cancel repair or select any of these functions:

[0628] Cancel repair

[0629] Set preferences

[0630] Change, remove, or copy from a Master Template

[0631] Make, copy from, or delete a backup

[0632] Change the quality of repair (diagnostic only, fast, better, best)

[0633] Exit”

[0634] Of course variations on this dialog may be expected, and it is only exemplary.

[0635] In one embodiment, control over this dialog and related functions may be performed by a controller that is isolated from the Explosion Room(s), so no virus could influence these functions.

[0636] In another embodiment, an isolated controller is not required. Instead, there can be communication between the main computer and a controller in a manner that may be for example password protected, encrypted, or another method of providing secure communication and/or of verifying the validity of the communication. In this embodiment the controller could interact with the main computer, and optionally, the main computer may take commands from the controller and/or optionally the controller may take commands from the main computer.

[0637] In another embodiment, for example, a repair could be required (deleting viruses and hacks) prior to accepting other commands such as to modify a master template, delete backups, etc.

[0638] Optionally, in order to run commands that would change preferences, modify master templates, delete backups, etc., a repair may be required and/or functions in RAM and/or being processed could be cleared and/or terminated and/or suspended in order to prevent a virus or hacking program from influencing the process, or gathering data.

[0639] Herein the term isolation may be used to convey the concept that at times what is being described is isolated; at specific other times as described herein it may not be isolated. For example, an Explosion Room may be isolated when user data is executing, and until a repair process runs. Then, to run a repair process, communication may be established with, for example, a read only Master Template, a repair may be conducted, and then other communication may be established with the Explosion Room, such as communication with a network. Isolation is utilized as needed and when needed to prevent hacking and the spread of viruses.

[0640] Session: A session is a period of computer use until a repair or replacement of an Explosion Room is performed. For example, in one embodiment, if the user quits a document, the document may be saved and the session ends. A repair or replacement of the Explosion Room takes place, and the user opens the next document.

[0641] Saving a document may happen before and/or after, and/or during a repair, depending on the embodiment. For example, in one embodiment, a document may be saved to a Temporary Storage Area, a repair and/or replacement of the Explosion Room that had been used may take place, and then the document may be saved from the Temporary Storage Area to the Protected Storage Area.

[0642] In an example of another embodiment, a copy process may be used that prevents the execution of a virus, so the document may be saved to the Protected Storage prior to a repair.

[0643] In an example of another embodiment, processing of user data may be suspended and then data may be copied to the Explosion Room.

[0644] “Disposable copies” of Master Templates used in the Explosion Room may be created in many ways and using a variety of criteria. In one embodiment a variety of Master Templates in Explosion Rooms may be created. Criteria for creating Master Templates may be established. For example one criterion could be based on selecting programs commonly used on the computer/computing device. For example, assume that a computer user most commonly uses 1) a word processing program, 2) an E-mail program, 3) two internet browsers and a utility that prevents pop-ups and a program that tracks on-line auctions; and to a lesser extent uses a variety of other applications, games, utilities and/or other programs. Using this example, Master Template(s) could be created using each of these needs as criteria. Thus one Master Template may contain an operating system and a word processing program; another Master Template may contain an operating system and an E-mail program. Another Master Template may contain an operating system, two internet browsers and a utility that prevents pop-ups and a program that tracks on-line auctions; and yet another Master Template may contain all of the user's software.

[0645] In another embodiment, one (or more) master templates may be created, and only the parts of the Master Template that are needed to meet a criterion may be copied to create one or more Explosion Room(s). For example, there could be one master template, but it could be used to create parts of a Master Template in one or more Explosion Rooms. For example, using the criteria mentioned above, one Master Template may be used to create Explosion Rooms that are readied for possible use by the user. An example of those Explosion Rooms might be:

[0646] 2 Explosion rooms containing an operating system and the parts of a master template needed to open a word processing program.

[0647] 2 Explosion rooms containing an operating system and the parts of a master template needed to open an E-mail program.

[0648] 2 Explosion rooms containing an operating system and the parts of a master template needed to open two internet browsers and a utility that prevents pop-ups and a program that tracks on-line auctions.

[0649] 2 Explosion rooms containing an operating system and the parts of a master template needed to open all applications, games, utilities and/or other programs.

[0650] Then, in this embodiment, for example if the user selected a word processing document to open, then communication could be established with one of the Explosion Rooms containing an operating system and the parts of a master template needed to open a word processing program.

[0651] Optionally, for example, if the user wanted to conduct research on the internet while doing word processing, a second Explosion Room can be utilized to surf the web while the user is simultaneously doing word processing in the first Explosion Room. In this case the two Explosion Rooms, processing, RAM, video, etc. may be isolated. Separate and/or shared Protected Storage may be utilized in this case.

[0652] A database and/or directory may be maintained by the software to keep track of which components of a master template are needed for which programs to operate correctly. This database/directory may for example be automatically created by software during the installation process (there are already various programs on the market that keep track of what is installed during software installation), and/or such a database/directory may be provided by the manufacturer and/or other service and/or entity. For example such a database may be provided as a download from the web, may be included when software is sold, and/or through other means.

[0653] In another example of an embodiment, assume there are multiple users of a computer and/or a desire for different software setups for different situations and/or uses. A variety of templates may be created, and/or parts of one or more templates could be selected for creating full or partial copies of Master Templates in Explosion Rooms for different users.

[0654] In one embodiment a user may be identified, and based on the user a database of Explosion Rooms containing various templates and/or parts of templates can be established. Thus, for example, when “Mary” logs in and/or is identified as the user, one or more Explosion Rooms may be created, each containing a copy of one or more Master Templates and/or copies of parts of one or more Master Templates useful and/or appropriate for Mary. When Mary logs out and/or leaves, and “Fred” logs in and/or is identified as the user, one or more Explosion Rooms may be created, each containing a copy of one or more Master Templates and/or copies of parts of one or more Master Templates useful and/or appropriate for Fred. For example in this embodiment, when Fred is identified as the user, Explosion Rooms may be created containing copies of all and/or part of Master Templates each containing an operating system and photo editing software; and other Explosion Rooms containing an operating system and E-mail software; whereas when Mary is identified as the user, Explosion Rooms may be created containing a different E-mail program than Fred uses, and music editing software; and yet other Explosion Rooms containing a Latin word processing program and a Latin Dictionary.

[0655] Explosion Rooms may be primary systems, and/or subsystems and/or contain subsystems, and/or may comprise one and/or part of multiple systems and/or subsystems.

[0656] In some embodiments use of an operating system as part of a Master Template may not be necessary.

[0657] In one embodiment, the user may be able to select which Explosion Room(s) to utilize/open, and may copy data to the Explosion Room(s). Optionally, selection of Explosion Rooms and/or copies of Master Templates to use may happen automatically, and may be orchestrated by code. For example if the user selects a word processing document to open, when the document is selected code may execute that searches for an Explosion Room containing the appropriate Word Processing software, and/or may check a database and/or directory to identify the location of the appropriate software, and/or use other means to identify the correct software and/or Explosion Room to utilize.

[0658] Input/Output (I/O) may be isolated, video may be isolated, the ability to do screen snapshots and/or captures may be disabled, and/or isolation of video may be utilized to prevent screen captures of isolated data.

[0659] In one embodiment, data storage devices and/or controllers may be modified so that they may be physically switched in hardware, and/or software can be used to activate/deactivate the data storage device, switch it from read only to read/write and/or read/write to read only, switch it from locked to unlocked and unlocked to locked, on/off, into sleep mode/out of sleep mode, etc. Optionally, pin outs and/or jumpers, and/or software that is isolated from the Explosion Room(s), may be used for this purpose.

[0660] Evidence and Documentation

[0661] In one embodiment, hacking software, viruses, spy software,software that sends messages without the knowledge or consent of theuser, and other undesirable software may be kept as evidence. Ratherthan destroying such software during a repair, it can instead be placedinto isolation using an isolated data storage device and or StorageRoom.

[0662] In one embodiment, if a user selected a document to open, for example, a word processing document, a Method of Control could trigger a process in which, optionally, a database and/or directory could be checked/searched to see which/where there was an Explosion Room containing an application needed to open the document. Alternatively, a search of the Explosion Rooms could be conducted to determine the contents of the Explosion Rooms. Additional criteria may be utilized to select an Explosion Room. For example if there are multiple templates containing

[0663] In one embodiment, if an Explosion Room is selected for use, and the user starts work utilizing that Explosion Room, and then decides to open an additional document requiring software that is not contained in the Explosion Room that is then in use, various solutions are possible. For example:

[0664] Open a separate isolated Explosion Room, optionally copying data between rooms/documents using a copy method in which code cannot execute.

[0665] Switch to an Explosion Room that contains both of the applications needed.

[0666] RAM is cleared as needed during the repair process, and/or as needed during the copy process.

[0667] Upon identifying an Explosion Room containing the correct application to open the document, communication with that Explosion Room containing a copy of part or all of one or more Master Templates may be activated.

[0668] In one embodiment, upon identifying the correct Explosion Room to activate communication with, and activating that Explosion Room, optionally the word processing document that had been selected by the user could be copied to the Explosion Room, then optionally communication with the Protected Storage could be deactivated. Then the document(s) could be opened. Then the user may modify the document, and when the user quits the document it may be automatically and/or manually saved to Temporary Storage (in one embodiment) and/or to Protected Storage (in one embodiment). If it is copied to Temporary Storage, then a repair of the Explosion Room and/or associated RAM may be conducted prior to conducting a repair process and/or deactivating the Explosion Room and activating a new Explosion Room.

[0669] The user may then, for example, select another document to open.

[0670] Embodiments of Computer System and Method Capable of Supporting Multiple Independent Computing Environments

[0671] FIG. 15 illustrates an embodiment of the invention including special purpose sub-systems and a common controller within a computer system that is coupled with a number of peripherals including a display, keyboard, and mouse. As illustrated, a separate logic control device 1180 may be coupled between first and second special-purpose sub-systems.

[0672] FIG. 16 illustrates an embodiment of the invention including special purpose sub-systems and a common controller within a computer system that is coupled with a number of peripherals including a display, keyboard, and mouse. As illustrated, a controller system may be coupled between first and second special-purpose sub-systems.

[0673] FIG. 17 illustrates a laptop computer system, according to the prior art.

[0674] FIG. 18 illustrates a laptop computer system incorporating one embodiment of the present invention.

[0675] FIG. 19 illustrates a schematic system for supporting multiple independent computing environments. A computer system capable of supporting multiple independent computing environments may be used to prevent computer hacking. Such a computer system may include a plurality of data stores, a switch system, an I/O system, and one or more computing environments.

[0676] One or more data stores may be coupled with the computer system. A data store is representative of a memory area. The data store may represent the memory area that corresponds to a disk drive and/or a portion of one or more disk drives. According to one embodiment of the present invention, a data store may contain a copy of a master template. One example of a master template is described in the section identified as “Computers that defend against viruses, hacking, spy software, cyber-terrorism, theft, and make malicious code irrelevant”.

[0677] A protected data store represents a data store that is used for storing information independently of a given processing environment that typically performs processing based on the contents of the stored information. According to one embodiment of the present invention, a user file (such as, for example, a user's document) may be stored on a protected data store. Ideally, user edits of the corresponding document are performed independently of the original version of the document that is stored on the protected data store.

[0678] One or more data stores may be used to define a protected data store. According to one embodiment of the invention, the protected data store may be used to store user data files independently of a processing environment that modifies the user file. According to one embodiment of the present invention, a user's decision to edit the document causes the original version of the document to be copied from the protected data store to a second data store. A user computing environment that can be coupled with the second data store for editing the original document may be used to create a second version of the document. An action by the user, such as, for example, saving the second version of the document, generates a series of instructions that copies the second version of the document from the second data store back to the protected data store. Copying the second version of the document back to the protected data store may overwrite the original version of the document.

[0679] The general switch system may be used to couple one or more sources and one or more destinations to support communication between a source and a destination. The communication may support bi-directional communications between a source and a destination. The general switch system may be coupled with a switch configuration that is used to determine which sources are to be coupled with which destinations. The general switch system may be implemented in hardware, software, and/or a combination of hardware and software.

[0680] According to one embodiment of the present invention, the general switch system may be implemented in hardware as a physical switch. The source may be represented as an IDE drive and the destination may be represented as a computing environment. Each source may be coupled with the general switch system using an IDE cable. Each destination may also be coupled with the general switch system using an IDE cable. According to one embodiment of the present invention, the switch configuration may be represented according to the physical capabilities of the switch and where the IDE cables are physically coupled with the switch. Physical manipulation and/or twisting of the physical switch may thereby connect a given IDE cable corresponding with a source to a given second IDE cable corresponding with a destination for supporting communication between the source and the destination. The communication between the source and the destination may support bi-directional communication. According to one embodiment of the present invention, the switch may be actuated manually and/or under the direction and/or control of one or more computing environments.

[0681] At least one trait is used to represent each source and destination. The trait may be representative of a physical identifier and/or a logical identifier. According to the IDE example described above, each IDE cable may be identified by a physical coupling with the physical switch. The IDE drive information (such as, for example, master and/or slave designation, drive size, etc.) may be used to identify the drive and/or a data store coupled with the drive.

[0682] Similarly, at least one trait is used to represent each destination, such as, for example, a computing environment. If the computing environment is representative of a separate physical computing environment, it may be identified by the separate physical computing characteristics, such as, for example, a unique interface coupled with the general switch. According to one embodiment of the present invention, the computing environment may be represented as a logical computing environment that may share some or all of the physical computing properties that correspond with another computing environment. A logical computing environment may be identified in a variety of ways, such as, for example, through a unique process identifier.

[0683] According to another embodiment of the present invention, a general switch system may be implemented in a combination of hardware and software, such as, for example, through the use of a computer system coupled with a general switch system. The computer system is capable of executing one or more computer instructions and may be used to configure the general switch system. Several example instructions may include configuring instructions, communication instructions, and accessing instructions. Configuring instructions may be used for configuring communication to support enabling or disabling communication between a given source and destination. Communication instructions may be used for receiving, sending, and/or verifying information related to one or more configurations. For example, communication instructions may be used to receive information that may subsequently be used by a configuration instruction. Accessing instructions may be used to read and/or write information related to a switch configuration. However, one should appreciate that other instructions and/or sets of instructions may be used.

[0684] The data store switch system includes the functionality of a general switch system, where the source may represent a data store and the destination may represent a computing environment. The general configuration may be used to identify which data stores are coupled with which computing environments. As described above, the IDE devices may represent one embodiment of a data store that may be configured to support communication with one or more computing environments.

[0685] According to one embodiment of the present invention, the data store switch system may be coupled with a data store switch system configuration that may extend the number and/or type of traits corresponding with a general configuration. The data store switch system traits may further support configuring communication between the source and the destination.

[0686] The I/O switch system includes the functionality of a general switch system, where the source may represent a peripheral and the destination may represent a computing environment. The general configuration may be used to identify which peripherals are coupled with which computing environments. A keyboard device may represent one embodiment of a peripheral that may be configured to support communication with one or more computing environments.

[0687] According to one embodiment of the present invention, the I/O system may be coupled with an I/O system configuration that may extend the number and/or type of traits corresponding with a general configuration. The I/O switch system traits support configuring communication between the source and the destination.

[0688] One or more traits may correspond with an output device, such as, for example, a computer monitor and/or computer graphics card. According to one embodiment, a trait may correspond with a display region associated with a potential viewing area of the computer monitor. Display outputs from a source may be positioned according to the display region trait, such that output from one computing environment is directed for display within the region associated with a region trait. A region trait may include a pair of x, y coordinates that define a rectangular display region associated with the potential viewing area of the computer monitor. Accordingly, a display output from a particular computing environment may be represented according to one or more traits within the corresponding region and not another region.

[0689] One or more traits may correspond with an input device. As described above, a region trait associated with the potential viewing area may be further extended to identify when inputs are communicated to a particular computing environment. Mouse movement and mouse commands may also correlate with a rectangular display region, such that inputs corresponding with the rectangular display region may be directed to the corresponding computing environment. Consequently, mouse movements within a region may be communicated with a computing environment that corresponds with the same region.
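The region-trait routing of [0688] and [0689], worked through as an added example that is not part of the patent: each computing environment is assigned a rectangular region trait, pointer input is delivered only to the environment whose region contains it, and an output is accepted only when it stays inside its source environment's own region. The class names, environment identifiers and sample 1024x768 layout are constructed for this example.

```python
"""Region-trait routing for the I/O switch system (constructed example).

Each computing environment owns a rectangular display region given by a pair
of x, y corner coordinates. Mouse inputs are routed to the environment whose
region contains the pointer; outputs are accepted only inside the source
environment's region, so one environment cannot draw over another's area.
"""
from dataclasses import dataclass
from typing import Dict, Optional


@dataclass(frozen=True)
class RegionTrait:
    """Rectangle on the monitor's viewing area: (x0, y0) top-left and
    (x1, y1) bottom-right corner, both inclusive."""
    x0: int
    y0: int
    x1: int
    y1: int

    def contains_point(self, x: int, y: int) -> bool:
        return self.x0 <= x <= self.x1 and self.y0 <= y <= self.y1

    def contains_rect(self, other: "RegionTrait") -> bool:
        return (self.x0 <= other.x0 and self.y0 <= other.y0
                and other.x1 <= self.x1 and other.y1 <= self.y1)

    def overlaps(self, other: "RegionTrait") -> bool:
        return not (other.x1 < self.x0 or other.x0 > self.x1
                    or other.y1 < self.y0 or other.y0 > self.y1)


class IOSwitchConfig:
    """Maps a computing-environment identification trait to its region trait."""

    def __init__(self) -> None:
        self._regions: Dict[str, RegionTrait] = {}

    def assign_region(self, env_id: str, region: RegionTrait) -> None:
        # Overlapping regions would make input routing ambiguous (one click
        # reaching two environments), so the configuration refuses them.
        for other_id, other in self._regions.items():
            if other_id != env_id and other.overlaps(region):
                raise ValueError(f"region for {env_id} overlaps {other_id}")
        self._regions[env_id] = region

    def route_input(self, x: int, y: int) -> Optional[str]:
        """Direct a pointer event to the environment whose region contains it.
        None means the event falls outside every assigned region and is dropped."""
        for env_id, region in self._regions.items():
            if region.contains_point(x, y):
                return env_id
        return None

    def route_output(self, env_id: str, draw_rect: RegionTrait) -> bool:
        """Accept an output only if the source environment is known and the
        drawing lies entirely inside that environment's own region."""
        region = self._regions.get(env_id)
        return region is not None and region.contains_rect(draw_rect)


def build_sample_config() -> IOSwitchConfig:
    """Constructed sample layout: control environment on the left half and
    one user environment on the right half of a 1024x768 viewing area."""
    cfg = IOSwitchConfig()
    cfg.assign_region("control", RegionTrait(0, 0, 511, 767))
    cfg.assign_region("user-1", RegionTrait(512, 0, 1023, 767))
    return cfg


if __name__ == "__main__":
    cfg = build_sample_config()
    print(cfg.route_input(100, 100))                                   # control
    print(cfg.route_input(800, 300))                                   # user-1
    print(cfg.route_output("user-1", RegionTrait(600, 10, 700, 50)))   # True
    # A drawing that spills into the control region is refused.
    print(cfg.route_output("user-1", RegionTrait(400, 10, 700, 50)))   # False
```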

[0690] A computing environment may execute one or more computer program instructions. One or more computing environments may be coupled with a computer system. The computing environment may be represented by a physical representation, a logical representation, and/or a combination of physical and logical representations. In a physical representation, the computing environment may incorporate a number of physical computer components, such as, for example, a central processing unit (CPU), one or more memories, and one or more peripherals. A logical computing environment representation provides that a first computing environment may coexist with other computing environments by utilizing one or more common computing components. The first computing environment is isolated from the other computing environments such that no direct communication is supported between the first computing environment and the other computing environments.

[0691] According to one embodiment, a logical computing environment and other logical computing environments may exist in different address spaces that correspond with a computer system. Consequently, each logical computing environment is isolated from the operation of each of the other logical computing environments. Furthermore, one should appreciate that a variety of configurations may be used for managing the creation and operation of multiple logical computing environments. Furthermore, one should also appreciate that an operating system (such as, for example, Linux, Macintosh, Microsoft Windows (R), and/or other operating systems) may correspond with a logical computing environment, a physical computing environment, and/or a combination of logical and physical computing environments.

[0692] Each computing environment may be identified by at least one trait selected from a wide variety of potential traits that may be used to uniquely identify one or more of the computing environments.

[0693] One or more computing environment traits may be used to identify the computing environment. A computing environment trait may be used to uniquely identify the computing environment. The trait may identify a computing environment through corresponding physical attributes, logical attributes, or a combination of attributes. For example, a trait may identify a physical address of one or more computing system components. Alternatively, a trait may identify a logical address corresponding to a logical computing environment. Furthermore, one should also appreciate that a trait may identify a number of characteristics of a given computing environment, and the number and type of corresponding traits may vary in accordance with the present invention.

[0694] The computing environment trait may be used to identify one or more outputs as having originated from the computing environment. The computing environment trait may also be used to identify one or more inputs and the corresponding computing environment that is the designated recipient of the input.

[0695] A data store switch communication path is used to couple a computing environment with the data store switch. The data store switch communication path is used to support the communication with at least one data store according to the data store switch configuration, as described above. According to one embodiment, one of the data stores coupled with the computing environment includes an operating system that may be used by the computing environment as a computer boot device.

[0696] An I/O switch communication path is used to couple a computing environment with the I/O switch system. The I/O switch communication path may be used to couple one or more peripherals with one or more computing environments. The I/O switch system configuration may be used to direct the output from one or more computing environments to a single output device. Similarly, the I/O switch system configuration may be used to direct an input from a single peripheral computing device to one or more computing environments.

[0697] Each computing environment is typically capable of performing processing activities including receiving input from one or more peripherals through the I/O switch system, and sending output to one or more peripherals through the I/O switch system. The processing activity performed by one computing environment is typically independent of the processing activities of another computing environment. According to one embodiment of the present invention, a potentially malicious processing activity of one computing environment does not directly interfere with the processing activity of another computing environment.

[0698] A controlling computing environment may be selected from the computing environments for configuring and/or reconfiguring the data store switch system configuration and/or the I/O switch system configuration. The data store switch system configuration may support communication between the control computing environment and the protected data store, as described above. According to one embodiment of the present invention, an initial boot sequence may read initial configuration information within the computer CMOS data to identify the control computing environment and the protected data store, and initiate configuration of the data store switch system configuration and/or the I/O switch system configuration.

[0699] One or more user computing environments may be selected from the computing environments to perform computer processing in isolation from the controlling computing environment and other user computing environments. Data (such as computer files) may be received by the user computing environment through a data store that may be communicatively coupled with the user computing environment. According to one embodiment, the controlling computing environment may be communicatively coupled with a first data store that may include user information and a protected data store that may also include user information. The controlling computing environment is configured to support copying information between the protected data store and the first data store. After the controlling computing environment initializes the first data store, the first data store may be communicatively detached from the controlling computing environment and then attached to the user computing environment for use independent of other computing environments. After the user computing environment completes an activity (such as, for example, editing a file, receiving email, etc.), the first data store may be communicatively detached from the user computing environment and attached to the controlling computing environment. Again, the controlling computing environment is configured to support copying information between the protected data store and the first data store. Consequently, data may be saved independently of the processing activities of the user computing environment. Accordingly, malicious code being processed within a user computing environment does not corrupt other files and/or data stored on a protected data store.

[0700] The I/O switch system configuration may be configured to direct a received input to at least one of the computing environments based on a corresponding trait. And, the I/O switch system configuration may be configured to direct an output generated by one or more of the computing environments to a peripheral based on a corresponding trait.

[0701] FIGS. 20, 21, and 22 illustrate a method for using a computer system capable of supporting multiple independent computing environments.

[0702] According to one method, using multiple independent computing environments (1508-N) may include initiating a system startup (1602), configuring the I/O switch system configurations (1512) and data store switch configurations (1506) at 1604, configuring the I/O switch system 1510 to support communication, configuring the data store switch system 1504 to support communication, performing control processing at 1623, and user processing at 1631. Typically the control processing may also include control setup processing at 1615 and control save processing at 1621.

[0703] Initiating a system startup at 1602 may include an initial boot sequence similar to known boot sequences of a computer system. The boot sequence may further include support for defining and/or modifying one or more switch configurations at 1604, such as, for example, a data store switch configuration and/or an I/O switch configuration. The initial configuration of each switching system may be initiated to establish one or more communication paths between one or more sources and one or more destinations according to the corresponding switch configuration 1604.

[0704] According to one embodiment of the present invention, the power may be turned on via a physical switch 1704 to initiate a system startup. At system startup, a CMOS memory 1708 may be used to define one or more steps of the initialization process and/or boot sequence. The boot sequence 1706 may use information coupled with the CMOS 1708 to establish a switch system configuration and subsequently initialize the corresponding switch system to apply and/or modify the configuration to communicatively couple sources and destinations. One or more computing environments may also be initiated by the system startup at 1602.

[0705] Establishing a computing environment at 1608 and 1622 may include configuring the I/O switch system configurations and data store switch configurations, configuring the I/O switch system to support communication, and configuring the data store switch system to support communication.

[0706] According to one embodiment, two data stores (such as, for example, data stores 1502-1, 1502-N) may be coupled with a computing environment. The first data store may include an operating system to support the processing activities of the computing environment. The second data store may include a variety of information that may be used or operated on by the computing environment. The variety of information may, for example, include specific user information and/or configuration information. Specific user information may include a document that is to be edited by a user. Configuration information may be used by a controlling computing environment to configure a data store switch configuration and/or an I/O switch configuration.

[0707] Typically a control computing environment is established at 1608 before any user computing environments are established. A first control computing environment may be established by the boot sequence as described above. The first data store may support a computer operating system. The second data store may represent the protected data store. After the data stores are coupled to the computing environment, the computing environment may boot to allow a user to interact with the computing environment. User inputs may be received through the I/O switch system 1510, which is configured to communicate inputs that correspond with traits of the control computing environment (such as, for example, a region trait and a computing environment identification trait) to the control computing environment. Similarly, outputs from the control computing environment may be sent to a peripheral (such as, for example, peripheral 1514-1, . . . , 1514-N) based on the traits that correspond with the control computing environment. Accordingly, the control computing environment may boot from the first data store and have access to the protected data store. Consequently, a user may interact with the control computing environment.

[0708] Ideally, the only type of computing environment capable of configuring a switch system is the control computing environment. The control computing environment may re-configure the switch system configurations such as the data store switch configuration and the I/O switch configuration. The configuration of the corresponding switch system may be activated in a variety of ways, such as, for example, configuring and/or reconfiguring communication through the switch when any change to a supporting switch configuration is made and/or determined. Further, communication between the control computing environment and a switch system and/or switch system configuration may be encrypted to help ensure that only the control computing environment is capable of configuring the switch systems.

[0709] User processing within the control computing environment is minimized to reduce the potential for corruption of information (such as, for example, files) corresponding to the protected data store. According to one embodiment of the present invention, if a user initiates a user operation, such as an activity that may typically be performed by a user (such as, for example, email, word processing, etc.), then the user operation may be processed in a separate computing environment.

[0710] The control computing environment may receive a user input to initiate a user operation. A computer mouse input may be received by the I/O switch system and directed to the control computing environment according to the I/O switch system configuration. Other inputs from other peripherals may also be received by the control computing environment through the I/O switch system.

[0711] The user of a control computing environment may initiate a user operation. In one example, the user may double click on a particular icon displayed within a region of the monitor. The mouse action may be received by the control computing environment and result in the initialization at 1612 of a separate computing environment to perform user processing at 1631, such as, for example, word processing.

[0712] The control computing environment may initialize the creation of a separate processing environment to perform the word processing corresponding with an existing and/or new document. If this is an existing document, the control computing session may need to copy the document to a third data store for subsequent use by a user computing environment.

[0713] The control computing environment may configure the switch systems to support the user environment. The data store switch system may be configured to couple a third data store and a fourth data store with the user computing environment. The I/O switch system may be configured to couple peripherals with the user computing environment; for example, a region of the display may be coupled with the user computing environment. The user computing environment may also be initiated by a signal or event triggered by the changes to one or more switch configurations. A variety of alternative approaches may also be used to initialize the user computing environment.

[0714] As part of the initialization at 1606 of the user computing environment, the file to be edited may be launched after the user computing environment is booted. According to another embodiment, an existing user computing environment may be coupled with a corresponding data store to make the file available for processing within the user computing environment. According to one embodiment of the present invention, the file or files to be edited may reside in a predefined location, such that a corresponding application may be launched to open the corresponding files and/or support the user activity.

[0715] Control processing may be performed by the controlling computing environment, and may include configuring one or more switch configurations, initializing the reconfiguration of one or more switch systems, copying information from one data store to other data stores, and copying information between the protected data store and other data stores.

[0716] User processing may include interaction with the controlling computing environment and user computing environments. Any processing typically associated with a function that may be performed by a user may be configured for processing in an independent user computing environment. Accordingly, the user processing activities may not directly interfere with the processing activities of the controlling computing environment and/or the processing activities of other user computing environments. Information may be made accessible to the user computing environment through the copying of computer information from one data store to another data store, depending on the computer information that is necessary to support a particular user processing activity; for example, a word processing activity may require access to a user file to be edited.

[0717] Typically, the control computing process may include control setup processing at 1615 and control save processing at 1628. The control setup may be used to support the establishment of a user computing environment to be used to perform at least one processing activity, such as, for example, a word processing activity. Control save processing may include saving user information to a protected data store. Once the user processing activity is completed, information related to the user processing activity may be saved into the protected data store at 1618 without allowing the user computing environment to perform the save function directly into the protected data store.

[0718] According to one embodiment of the present invention, the controlling computing environment may copy one or more files to a temporary data store. The controlling computing environment may update a data store switch configuration at 1616 to allow a user computing environment access to the temporary data store. According to one embodiment, the controlling computing environment may verify that the user computing environment has been communicatively coupled with the temporary data store. Subsequently, the controlling computing environment may wait for the processing corresponding to one or more user computing environments at 1614 to complete. While waiting for the user computing environment to complete, the controlling computing environment may perform the functions that correspond with general desktop functionality. The desktop functionality may correspond to the management of data stores, configuring data stores, and copying of computing information between data stores, such as, for example, to clean one or more data stores of a computer virus. Typically, the functionality corresponding to the desktop functionality is limited to reduce the possibility of corrupting the computing information stored in the protected data store.

[0719] At the completion of a user processing activity, the controlling computing environment may be notified according to a variety of different notification approaches. According to one such approach, the user computing environment may terminate such that the termination is sensed by the corresponding switch system. The switch system may actively notify the control computing environment that the data store may contain user information that should be placed in the protected data store.

[0720] In response to the completion of the user activity, the control computing environment may couple the user data store with the controlling computing environment such that the user information and/or files may be copied to the protected data store independently of any process that may have been performed by the user computing environment. Accordingly, other files stored within the protected data store would not be corrupted by the operation of the independent user computing environment.

[0721] According to one embodiment of the present invention, a file save command may be used as a triggering event that causes the controlling computing environment to store a user file to the protected data store independently of other operations that may be performed within the context of the user computing environment.

[0722] According to one embodiment of the present invention, a temporarydata store may be coupled with both a user computing environment and acontrolling computing environment such that the user computingenvironment cannot corrupt other files coupled with the controllingcomputing environment. The user computing environment may save a file ina temporary data store, where the controlling computing environment mayinclude the ability to copy the file to the protected data store and/oran intermediate data store. An intermediate data store may besubsequently used to save a corresponding file to the protected datastore, such as, for example, when the user application is closed.Communication between a user computing environment may be passivelyimplemented to help ensure the user computing environment can notcorrupt files stored in a protected data store.

[0723] A user file may be saved to a temporary data store, as the resultof a file save command. Subsequent to the initiation of the savecommand, the data store switch system may verify that the data store iscoupled with a saved file. If the file was present, then a series ofinstructions may be executed to copy the file from temporary data storeto the protected data store.

[0724] According to one embodiment of the present invention, thecontrolling computing environment may wait for a corresponding usercomputing environment to complete a user activity, such as, for example,saving the file. Subsequently, the data store switch may beconfiguration to uncouple the temporary data store from the usercomputing environment. The temporary data store may then be coupled withthe controlling computing environment. The protected data is alsocoupled with the controlling computing environment. The file may becopied from the temporary data store to the protected data storeindependently of the user computing environment. The temporary datastore may then be uncoupled from the controlling computing environmentand recoupled with the user computing environment.

[0725] According to an alternative embodiment of the present invention,the save process may trip and/or set a flag corresponding to a switchingsystem that is communicated to the controlling computing environment.The presence of one or more files may be verified. If the verificationof files indicates the presence of files, then a series of computerinstructions may be executed to copy one or more file from the temporarydata store to the protected data store.

[0726] According to an alternative embodiment of the present invention,a keyboard command (such as, for example, Control S) may be used to savea file. The I/O switch system may be configured to communicate thecommand sequence to both the user computing environment and the controlcomputing environment. Consequently, the control computing environmentmay reconfigure the data store switch and/or the I/O switch system tosupport copying the file saved in the user computing environment to aprotected data store.

[0727] According to an alternative embodiment of the present invention,the file could be transferred to protected data store when the usercomputing environment is closed and/or shutdown. One or more of theswitch systems could sense the closure and/or shutdown. According to oneembodiment of the present invention, a closed user computing environmentmay be verified by the data store switch system by an altered powerstate corresponding to the data store that may have been supplied by theuser computing environment.

[0728] According to an alternative embodiment of the present invention,a graphical region corresponding with a computer display monitor may beused to identify when user inputs have been received that correspondwith a particular computing environment. The user input may be analyzedwithin the I/O switch system and/or within the controlling computingenvironment depending on the specific implementation. According to oneembodiment, a save command and/or a close command corresponding with auser computing environment may be used to identify that user informationmay need to be saved to a protected data store, and/or trigger thesaving of computer information to a protected data store.

[0729] Closing the user computing environment may include turning apower switch off. A switching system may be capable of sensing a changein power consumption and/or interruption. If the user closes anapplication and a corresponding user computing environment then thecontrolling computing environment may sense the transition and save anycorresponding user data to the protected data store. Beforereconfiguring the data stores, a corresponding switch system may verifythat the power to the data store containing the user data is disabledand/or in an off state. The controlling computing environment may thenuncoupled the data store containing user information from the usercontrolling environment and copy the user information to a protecteddata store, as described above.

[0730] According to one embodiment of the present invention, data storesmay be cleaned after they are coupled with a user computing environment.The controlling computing environment may reformat and/or clean one ormore data stores after a user computing environment has used the datasource. A master template data store may also be used to initialize adata store prior to coupling the data store with a user computingenvironment. According to another embodiment, the controlling computingenvironment may initiate another user computing process that is definedto support reformatting and/or cleansing one or more data stores.
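The save-and-commit cycle of paragraphs [0718] to [0730] (user environment writes only to a temporary store; the switch senses the power-off; the controlling environment re-couples the store to itself, copies verified files to the protected store, and re-initializes the temporary store from a master template) modeled as an added Python example. This is a constructed illustration, not code from the patent; the store names, the `Env`/`DataStoreSwitch` API, the power-state check and the `EVIL` byte marker standing in for a cleaning verdict are all assumptions.

```python
from dataclasses import dataclass, field
from enum import Enum


class Env(Enum):
    USER = "user"        # a user computing environment
    CONTROL = "control"  # the controlling computing environment


@dataclass
class DataStore:
    name: str
    files: dict = field(default_factory=dict)  # filename -> bytes
    powered: bool = True                       # power state seen by the switch


class DataStoreSwitch:
    """Assumed model of the data store switch system: each store is coupled
    to at most one environment at a time, and the switch, not the
    environment, enforces who may write where."""

    def __init__(self, *stores):
        self.stores = {s.name: s for s in stores}
        self.coupled = {}  # store name -> Env; absent means uncoupled

    def couple(self, name, env):
        self.coupled[name] = env

    def uncouple(self, name):
        self.coupled.pop(name, None)

    def write(self, env, store, filename, data):
        if self.coupled.get(store) is not env:
            raise PermissionError(f"{env.value} is not coupled to {store}")
        self.stores[store].files[filename] = data


def user_saves_file(switch, filename, data):
    """[0723]: a save from the user environment lands in the temporary store."""
    switch.write(Env.USER, "temp", filename, data)


def user_closes(switch):
    """[0729]: closing the user environment drops power to its data store."""
    switch.stores["temp"].powered = False


def control_commits(switch, is_clean=lambda name, data: True):
    """[0724]/[0729]: once the switch sees the temporary store powered off,
    re-couple it to the controlling environment, copy the files that pass
    the cleaning check into the protected store, then release it again."""
    temp = switch.stores["temp"]
    if temp.powered:
        raise RuntimeError("temporary store still in use by user environment")
    switch.uncouple("temp")
    switch.couple("temp", Env.CONTROL)
    committed, rejected = [], []
    for name, data in temp.files.items():
        if is_clean(name, data):
            switch.write(Env.CONTROL, "protected", name, data)
            committed.append(name)
        else:
            rejected.append(name)
    switch.uncouple("temp")
    return committed, rejected


def control_resets_temp(switch, template):
    """[0730]: re-initialize the temporary store from the master template
    before coupling it to the next user session."""
    temp = switch.stores["temp"]
    temp.files = dict(template.files)
    temp.powered = True
    switch.couple("temp", Env.USER)


def build_system():
    """Constructed system: protected and template stores belong to the
    controlling environment; the temporary store starts with the user."""
    protected = DataStore("protected")
    temp = DataStore("temp")
    template = DataStore("template", files={"README.txt": b"fresh session"})
    switch = DataStoreSwitch(protected, temp, template)
    switch.couple("protected", Env.CONTROL)
    switch.couple("template", Env.CONTROL)
    switch.couple("temp", Env.USER)
    return switch, template


def run_session():
    """One complete user session; returns the switch and what was committed."""
    switch, template = build_system()
    user_saves_file(switch, "notes.txt", b"user notes")
    # Constructed marker: b"EVIL" stands in for a file the cleaning step rejects
    user_saves_file(switch, "suspect.exe", b"EVIL payload")
    user_closes(switch)
    committed, rejected = control_commits(
        switch, is_clean=lambda n, d: not d.startswith(b"EVIL"))
    control_resets_temp(switch, template)
    return switch, committed, rejected
```

The point the model makes is that the user environment never holds a coupling to the protected store, so even a file it writes that later fails the cleaning check can only ever sit in the temporary store, which is wiped from the template before the next session.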

[0731] The terms used in the present disclosure may use or may correspond with one or more other terms disclosed herein. Several examples of terms that may correspond with others and/or build upon them are now described. The additional terms are intended to disclose some potential variations. A control computing environment may correspond to similar functionality such as, for example: a combination of a ROM, a memory and a logic controller; a BAR switching system; a common controller. A user computing environment may be related to: a data storage device; an explosion room; a MAW; a network accessible data storage device; a working system. An I/O switch system may be related to: a switching process; a netlock device; and/or a net-lock system. A Freez-B may be related to a Freeze Buster. A data store switch system may be related to a switching system. A general switch system may be related to: a switching process; and/or a DRAMUS switch. A data store may be related to a data storage device. These additional descriptions are not intended to limit the present invention.

[0732] An additional disclosure directed to aspects and features of the invention is provided in an appendix.

[0733] The foregoing descriptions of specific embodiments and best mode of the present invention have been presented for purposes of illustration and description. They are not intended to be exhaustive or to limit the invention to the precise forms disclosed, and obviously many modifications and variations are possible in light of the above teaching. The embodiments were chosen and described in order to best explain the principles of the invention and its practical application, to thereby enable others skilled in the art to best utilize the invention and various embodiments with various modifications as are suited to the particular use contemplated. It is intended that the scope of the invention be defined by the claims appended hereto and their equivalents.

What is claimed is:
 1. A method for a computer repairing itself to an operational status at any time during operation, the method comprising the computer-executed steps of: booting from a first hard disk drive boot device disposed within a main computer hardware box of the computer; then, in response to a signal indicating a need for repair of the computer during the booting or during any operating state, booting from a second hard disk drive boot device also disposed within the main computer hardware box of the computer prior to the signal indicating a need for repair; and then repairing software on the first hard disk drive boot device while booted from the second hard disk drive boot device and selectively either: (i) maintaining operation of the computer from the second boot device to restore operational status of the computer during repairing of the software on the first hard disk device, or (ii) changing to operation of the computer from the second boot device to the first boot device to restore operational status of the computer.
 2. The method of claim 1, wherein the step of repairing software further comprises: copying software from a device other than the first boot device onto the first boot device.
 3. The method of claim 2, wherein the step of copying software further comprises: copying any of application, operating-system and repair-process software.
 4. The method of claim 2, wherein the step of copying software further comprises: copying any of a boot record, a partition table, and a basic input-output system (BIOS).
 5. The method of claim 2, wherein the step of repairing software further comprises: copying software from the second boot device onto the first boot device.
 6. The method of claim 5, wherein the step of repairing software further comprises: copying one of template, backup and archive software from a device other than the first boot device onto the first boot device.
 7. The method of claim 6, wherein the step of repairing comprises: copying one of template, backup and archive software from the second boot device onto the first boot device.
 8. The method of claim 1, wherein the step of booting from a second boot device comprises: switching the second boot device, thereby making the second boot device bootable.
 9. The method of claim 8, wherein the step of switching comprises: generating the signal indicating a need for repair.
 10. The method of claim 8, wherein the step of booting from a second boot device comprises: logically switching the second boot device.
 11. The method of claim 8, wherein the step of booting from a second boot device comprises: physically switching the second boot device.
 12. The method of claim 11, wherein the step of physically switching comprises: altering identification jumpers of a data storage device to be switched.
 13. The method of claim 11, wherein the step of physically switching comprises: turning on or off the power to a data storage device to be switched.
 14. The method of claim 1, wherein the signal is generated by a user altering the state of a physical switch different from an on-off switch of the computer and exposed on an exterior surface of the main computer hardware box of the computer.
 15. The method of claim 1, wherein the step of repairing software comprises: automatically repairing software on the first boot device.
 16. The method of claim 15, wherein the step of automatically repairing software comprises: automatically repairing software on the first boot device without further direction from the user.
 17. The method of claim 15, wherein the step of automatically repairing software comprises: repairing software on the first boot device according to preset preferences.
 18. The method of claim 17, wherein the repairing according to preset preferences comprises: repairing according to whether to recover data; to run a virus check; to reformat the first boot device; to revert to a backup; or to run diagnostics.
 19. The method of claim 1, wherein the step of repairing software comprises: reformatting the first boot device; and then copying software onto the first boot device.
 20. The method of claim 1, wherein the step of repairing software comprises: resetting parameters in a persistent memory; and then copying software onto the first boot device.
 21. The method of claim 1, further comprising the step of: directing a user to re-boot from the first boot device.
 22. The method of claim 1, wherein before the step of booting from the second boot device, the following step is performed: installing software onto the second boot device.
 23. The method of claim 22, wherein the step of installing software onto the second boot device comprises one method from the following set of methods: a. installing software onto the second boot device; b. copying installed software onto the second boot device; c. copying installation software onto the second boot device; and d. writing onto the second boot device a version of an operating environment running as a result of the boot from the first boot device.
 24. The method of claim 22, wherein the step of installing software onto the second boot device comprises one method from the following set of methods: a. installing software onto the second boot device; b. copying installed software onto the second boot device; c. copying installation software onto the second boot device; and d. writing onto the second boot device a template of an operating environment running as a result of the boot from the first boot device.
 25. The method of claim 22, wherein after the step of installing and before the step of booting from the second boot device, the following step is performed: updating the software installed onto the second boot device.
 26. The method of claim 22, wherein after the step of installing and before the step of booting from the second boot device, the following step is performed: protecting the second boot device from further modification.
 27. The method of claim 26, wherein the step of protecting comprises one of: switching the second boot device to a state of unavailability; and switching the second boot device to a read-only state.
 28. The method of claim 1, wherein before the step of repairing software the following step is performed: offering a user a choice of thoroughness of repair.
 29. The method of claim 1, wherein before the step of booting from the second boot device, the following step is performed: automatically monitoring an operating environment running as a result of the booting from the first boot device.
 30. The method of claim 29, further comprising the steps of: detecting an undesirable change in the operating environment; and generating the signal indicating a need for repair in response to the detection.
 31. The method of claim 1, wherein before the step of booting from the second boot device, the following step is performed: automatically searching for boot devices.
 32. The method of claim 1, wherein: the step of repairing software further comprises copying software from the second boot device onto the first boot device; the step of copying software further comprises copying any of application, operating-system and repair-process software, and copying any of a boot record, a partition table, and a basic input-output system (BIOS); the step of repairing software further comprises copying one of template, backup and archive software from a device other than the first boot device onto the first boot device; the step of repairing comprises copying one of template, backup and archive software from the second boot device onto the first boot device; the step of booting from a second boot device comprises switching the second boot device to make the second boot device bootable; the step of switching comprises generating the signal indicating a need for repair; the step of booting from a second boot device comprises one of logically switching the second boot device, and physically switching the second boot device; and the step of physically switching comprises altering identification jumpers of a data storage device to be switched, or turning on or off the power to a data storage device to be switched; the signal is generated by a user altering the state of a physical switch different from an on-off switch of the computer and exposed on an exterior surface of the main computer hardware box of the computer; and the step of repairing software comprises automatically repairing software on the first boot device without further direction from the user according to preset preferences, the preset preferences selected from the set consisting of repairing according to whether (i) to recover data, (ii) to run a virus check, (iii) to reformat the first boot device, (iv) to revert to a backup; (v) to run diagnostics, and (vi) combinations thereof.
 33. The method of claim 32, wherein the step of repairing software further comprises: reformatting the first boot device; and then copying software onto the first boot device.
 34. The method of claim 32, wherein the step of repairing software further comprises: resetting parameters in a persistent memory; and then copying software onto the first boot device.
 35. The method of claim 1, wherein before the step of repairing software the following step is performed: offering a user a choice of thoroughness of repair selected from the set of repairs consisting of a quick repair that re-installs or copies template software without first re-formatting, a better repair that performs a high-level re-format before the copy or re-installation of software, and a best repair that performs a low-level re-format before copying over or re-installing software.
 36. A computer comprising: a main computer hardware box; a CPU disposed within the main computer hardware box; a memory disposed within the main computer hardware box; first and second controllers for respective first and second hard disk drive data storage devices disposed within the main computer hardware box; a bus, communicatively coupling the CPU, memory and first and second controllers; and a switch, communicatively coupled to the second hard disk drive data storage device, for altering the accessibility of the second data storage device to the CPU and exposed through the main computer hardware box or at a surface of the main computer hardware box for manipulation by a user.
 37. The computer of claim 36, wherein the second data storage device contains one of a backup and a master template.
 38. The computer of claim 36, further comprising a power supply, for powering the CPU and the switch.
 39. The computer of claim 38, wherein the power supply comprises: the power supply, for powering the switch when not powering the CPU.
 40. The computer of claim 36, wherein the switch is mechanical.
 41. The computer of claim 36, wherein the switch is at least partially software.
 42. The computer of claim 36, the switch comprising: a switch for switching an identification setting of the second data store.
 43. The computer of claim 36, the switch comprising: a switch for switching power to the second data store.
 44. The computer of claim 36, further comprising: an output device.
 45. The computer of claim 41, wherein the output device comprises one from the set comprising a CRT, an LED, and an LCD.
 46. The computer of claim 36, wherein the second data storage device comprises: a read-only data storage device.
 47. The computer of claim 36, wherein the second data storage device comprises: an externally located data storage device.
 48. The computer of claim 36, wherein the second data storage device comprises: a data storage device located over a network.
 49. The computer of claim 36, wherein the second data storage device comprises: a data storage device co-located with the first data storage device.
 50. The computer of claim 36, wherein the switch comprises: a controller for monitoring the first and second data storage devices to prevent damage to the first or second data storage device during switching.
 51. A computer system comprising: a plurality of data stores including at least one protected data store; a plurality of switching systems for communicatively coupling at least one source with a plurality of destinations, including a data store switch system wherein said source is a data store source, and an I/O switch system wherein said source is a peripheral source; a plurality of computing environments for performing a processing activity independently of another computing environment, each said computing environment is identified by at least one trait selected from a plurality of traits, coupled between said data store switch system and said I/O switch system, wherein said destination is said computing environment, said switching system communicatively couples said source and said destination according to said traits; at least one control computing environment selected from said plurality of computing environments for configuring said switch configuration according to said processing activity and said traits, communicatively coupled with said protected data store; and at least one user computing environment selected from said plurality of computing environments, wherein said processing activity is not performed on said protected data store.
 52. The computer system of claim 51, wherein said computing system further comprises: a main computer hardware box; a CPU disposed within the main computer hardware box; a memory disposed within the main computer hardware box; said data store switch system coupled between said memory and said CPU, said I/O switch system coupled between said peripheral and said CPU, said plurality of switching systems disposed within the main computer hardware box; and a bus, communicatively coupling the CPU, memory, data store switch system, and I/O switch system.
 53. The computer system of claim 51, wherein said computing system further comprises: a main computer hardware box; at least three CPUs including a control computing CPU and a plurality of user computing CPUs, said CPUs disposed within the main computer hardware box; at least three memories disposed within the main computer hardware box; said data store switch system coupled between said memories and said CPUs, said I/O switch system coupled between said peripheral and said CPUs, said plurality of switching systems disposed within the main computer hardware box; and a bus, communicatively coupling the CPUs, the memories, the data store switch system, and the I/O switch system, wherein said control computing environment is coupled with a control computing CPU, and said user computing environment is coupled with a second CPU selected from said user computing CPUs.
 54. A computer system comprising: a plurality of data stores including a plurality of magnetic rotatable disk drives; a protected data store selected from said plurality of data stores for storing at least said user data; a data store switch system coupled with said plurality of data stores, said switch system coupled with a data store switch configuration for configuring communication with one or more data stores; an I/O switch system coupled with at least one peripheral, said I/O system coupled with an I/O system configuration including a plurality of traits for configuring said communication with said peripheral; a plurality of computing environments, each said computing environment identified by at least one trait selected from said plurality of traits, including: a data store switch communication path coupled with said data store switch, said data store switch communication path coupling at least one data store with said computing environment according to said data store switch configuration; an I/O switch communication path coupled with said I/O switch system, said I/O switch communication path for coupling said peripheral with said computing environment according to said I/O switch system configuration; said computing environment capable of performing a processing activity including receiving input from said I/O switch system and sending output to said I/O switch system, said processing activity performed independently of said processing activity of another computing environment; a control computing environment selected from said plurality of computing environments for configuring said data store switch configuration, for configuring said I/O switch system configuration, said data store switch configuration supporting communication between said control computing environment and said protected data store; and at least one user computing environment selected from said plurality of computing environments; wherein said I/O switch system configuration is configured to direct a received input to at least one of said computing environments based on said trait, said I/O switch system configuration is configured to direct an output generated by one or more of said plurality of computing environments to said peripheral based on said trait.
 55. A computer system comprising: a communication device for communicating over a communications link to a second computer system, a port for communicatively coupling said computer system and said communication device over a bus having a plurality of data lines; and a switch coupled within said data line selected from said plurality of data lines for enabling and disabling said communication device.
 56. The computer system of claim 55 wherein said communication device is a network interface card disposed within a main computer hardware box and said switch is affixed to said network interface card.
 57. A computer system comprising: a port for communicatively coupling said computer system and a peripheral over a bus having a plurality of data lines; and a switch coupled to at least one data line selected from said plurality of data lines for cycling said peripheral.
 58. The computer system of claim 57 wherein said port is a serial controller, said peripheral is a serial mouse, said bus is a serial bus coupling said serial mouse and said port, wherein said cycling includes temporarily grounding said data line for resetting said coupling between said computer system and said peripheral.
 59. A computer system comprising: a plurality of bootable data stores; a boot drive selected from said plurality of bootable data stores for booting said computer system; and a physical data store switch coupled with said plurality of bootable data stores for altering the accessibility of said bootable data stores and identifying said boot drive.
 60. The computer system of claim 59 further comprising: a main computer hardware box; a CPU disposed within the main computer hardware box; a memory disposed within the main computer hardware box; and a bus, communicatively coupling the CPU, the memory, and the physical data store switch for altering the identification of the bootable data stores to the CPU, said physical data store switch exposed through the main computer hardware box or at a surface of the main computer hardware box for manipulation by a user.
 61. A computer system comprising: one or more peripheral devices including a means for communication, a coupling member, and a capability for emitting light; a receptacle mechanically coupled with said computer system for engaging said coupling member of said peripheral device; and a port for communicatively coupling said computer system and said peripheral devices coupled with said receptacle.
 62. A computer system comprising: a plurality of data stores; a data store switch coupled with said plurality of data stores for altering the accessibility of said data store; a peripheral controller for communicatively coupling said data store switch and said computer system; an accessible data store selected from said plurality of data stores communicatively coupled with said peripheral controller; and a computer program including at least one instruction capable of executing on said computer system, said instruction for analyzing said accessible data store to determine a health of said accessible data store; said health selected from a group of healths consisting of: a corruption health, and a correct health; if said corruption health is determined then said data store switch is actuated to remove accessibility to said accessible data store, and add a second accessible data store; if said correct health then said data store switch is not altered.
 63. The computer system of claim 62 further comprising: a main computer hardware box; a CPU disposed within the main computer hardware box; a memory disposed within the main computer hardware box; each of said data stores represents a computer hard disk drive, said plurality of data stores includes eight data stores disposed within the main computer hardware box; wherein said health is determined for one data store in said plurality of said data stores, if said health is said corruption health then a successive data store health is determined; and a bus, communicatively coupling the CPU, memory and plurality of data stores.
 64. A method for a computer repairing itself to an operational status at any time during operation, the method comprising the computer-executed steps of: booting from a first hard disk drive boot device disposed within a main computer hardware box of the computer; then, in response to a signal indicating a need for repair of the computer during the booting or during any operating state, booting from a second hard disk drive boot device also disposed within the main computer hardware box of the computer prior to the signal indicating a need for repair; and then repairing software on the first hard disk drive boot device while booted from the second hard disk drive boot device and selectively either: (i) maintaining operation of the computer from the second boot device to restore operational status of the computer during repairing of the software on the first hard disk device, or (ii) changing to operation of the computer from the second boot device to the first boot device to restore operational status of the computer.
 65. The method of claim 64, wherein: the step of repairing software further comprises: (i) copying software from a device other than the first boot device onto the first boot device, and the step of copying software further comprises copying any of application, operating-system and repair-process software, wherein such copying may include copying any of a boot record, a partition table, and a basic input-output system (BIOS); (ii) copying software from the second boot device onto the first boot device, and either or both of copying one of template, backup and archive software from a device other than the first boot device onto the first boot device and copying one of template, backup and archive software from the second boot device onto the first boot device; the step of booting from a second boot device comprises switching the second boot device, thereby making the second boot device bootable, and the step of switching comprises generating the signal indicating a need for repair; the signal is generated by a user altering the state of a physical switch different from an on-off switch of the computer and exposed on an exterior surface of the main computer hardware box of the computer; the step of automatically repairing software comprises automatically repairing software on the first boot device without further direction from the user including repairing software on the first boot device according to preset preferences; the repairing according to preset preferences includes repairing according to whether to recover data, to run a virus check, to reformat the first boot device, to revert to a backup, to run diagnostics; the step of repairing software further includes resetting parameters in a persistent memory; and then copying software onto the first boot device; wherein before the step of booting from the second boot device, installing software onto the second boot device, the step of installing software onto the second boot device comprises one procedure from the following set of procedures: installing software onto the second boot device, copying installed software onto the second boot device, copying installation software onto the second boot device, and writing onto the second boot device a version of an operating environment running as a result of the boot from the first boot device.
 66. A computer comprising: a main computer hardware box or housing; a CPU disposed within the main computer hardware box; a memory disposed within the main computer hardware box; first and second controllers for respective first and second hard disk drive data storage devices disposed within the main computer hardware box; a bus, communicatively coupling the CPU, memory and first and second controllers; and a switch, communicatively coupled to the second hard disk drive data storage device, for altering the accessibility of the second data storage device to the CPU and exposed through the main computer hardware box or at a surface of the main computer hardware box for manipulation by a user.
 67. A means to switch a data line of a communications link to interrupt or enable the ability of the communications link to transfer data to a data port.
 68. A means for switching a power line of a bus to power peripherals on or off.
 69. A method of isolating individual user data files in such a way that potentially malicious code is confined to a data storage device that does not contain any other user-created data and can also be reset or repaired.
 70. An anti-theft security means to switch a startup device if user authentication fails.
 71. A means for using electrical connections or other elements that can be integrated into the box of a computing device for the purposes of entertainment and/or communication with the user.
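Claims 62 and 63 (determine the health of the accessible data store; on a corruption health, actuate the switch to remove that store and try the successive one among eight drives) together with claim 1's repair of the first boot device while booted from the second, and the return to the first device once it is healthy, modeled as an added Python example. This is a constructed illustration and not the patent's code; the digest comparison used as the health test, the eight drive names, the tampered images and the copy-from-second-device repair policy are assumptions.

```python
import hashlib
from dataclasses import dataclass

CORRUPT = "corruption health"  # claim 62: the two health values
CORRECT = "correct health"


@dataclass
class BootStore:
    name: str
    image: bytes            # contents of the boot device (constructed)
    expected_digest: str    # digest recorded when the image was installed
    accessible: bool = True # whether the switch currently exposes it to the CPU


def health_of(store):
    """Claim 62: analyze the accessible store and classify its health.
    Assumption: health is a SHA-256 comparison against the installed digest."""
    digest = hashlib.sha256(store.image).hexdigest()
    return CORRECT if digest == store.expected_digest else CORRUPT


def select_boot_store(stores):
    """Claim 63: check stores in order; on corruption, actuate the switch
    (remove accessibility) and move to the successive store. Returns None
    when no accessible store is healthy."""
    for store in stores:
        if not store.accessible:
            continue
        if health_of(store) == CORRECT:
            return store
        store.accessible = False  # switch actuated: store no longer exposed
    return None


def repair_first_from_second(first, second):
    """Claim 1 with claim 5: while booted from the second device, copy its
    software onto the first device, then expose the first device again."""
    first.image = second.image
    first.expected_digest = second.expected_digest
    first.accessible = True
    return health_of(first)


def make_store(name, image, tamper=b""):
    """Constructed drive: digest recorded from the clean image, contents
    optionally tampered with afterwards so the health check fails."""
    return BootStore(name, image + tamper, hashlib.sha256(image).hexdigest())


def demo():
    """Eight constructed drives (claim 63); the first two are damaged."""
    template = b"OS v1 + repair process"
    stores = [make_store("hdd0", template, b"\x00overwritten"),
              make_store("hdd1", template, b"\x00boot sector damaged")]
    stores += [make_store(f"hdd{i}", template) for i in range(2, 8)]
    chosen = select_boot_store(stores)                 # boots from hdd2
    repaired = repair_first_from_second(stores[0], chosen)
    back_to_first = select_boot_store(stores)          # claim 1 (ii): hdd0 again
    return chosen.name, [s.accessible for s in stores], repaired, back_to_first.name
```

The second selection pass shows why removing accessibility on corruption matters: hdd1 stays out of the boot order until it is repaired, so the machine cannot fall back onto a device the health check has already rejected.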